โ† ุงู„ุนูˆุฏุฉ ู„ู„ุฌุฏูˆู„
CVE-2026-45574
CVE-2026-45574 - epa4all-client: TLS Certificate Validation Disabled in Production
๐Ÿ“… 2026-05-27 01:16:43
๐Ÿ”ด Critical ๐Ÿ”ฅ No MITRE CVE High Exploit General

๐Ÿ“‹ ุงู„ูˆุตู ุงู„ูƒุงู…ู„

CVE ID :CVE-2026-45574 Published : May 26, 2026, 10:16 p.m. | 8ย hours, 7ย minutes ago Description :epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker on the network path between the ePA service and the Konnektor can present any TLS certificate (self-signed, expired, wrong CN) and intercept all SOAP traffic. This include

๐Ÿ’ป ุงู„ุฃู†ุธู…ุฉ ุงู„ู…ุชุฃุซุฑุฉ

epa4all-client: TLS Certificate

โš ๏ธ ู†ูˆุน ุงู„ุชู‡ุฏูŠุฏ

Exploit

๐Ÿ”— CVE ID

CVE-2026-45574

๐Ÿ“ก ุงู„ู…ุตุฏุฑ

MITRE CVE High

โœ… ุงู„ุญู„ูˆู„ ูˆุงู„ุชุฎููŠู

Refer to CVE-2026-45574 NVD advisory

๐Ÿ”— ุงู„ู…ุตุฏุฑ ุงู„ุฃุตู„ูŠ โ† ๐Ÿ“˜ NVD โ† โšก CISA KEV โ†