CWE-295: Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.
Last updated
Overview
CWE-295 (Improper Certificate Validation) is a base-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Background
A certificate is a token that associates an identity (principal) to a cryptographic key. Certificates can be used to check if a public key belongs to the assumed owner.
Real-world CVEs
678 recorded CVEs are caused by CWE-295 (Improper Certificate Validation), including 4 in CISA's KEV (Known Exploited Vulnerabilities) catalog. KEVs are shown first. 175 new CWE-295 CVEs have been recorded so far in 2026 (143 in 2025).
- CVE-2022-26923CISA KEV
Active Directory Domain Services Elevation of Privilege Vulnerability
High · CVSS 8.7 · EPSS 100th2022-05-10 - CVE-2020-0601CISA KEVHigh · CVSS 8.6 · EPSS 100th2020-01-14
- CVE-2023-20963CISA KEVHigh · CVSS 8.5 · EPSS 70th2023-03-24
- CVE-2023-41991CISA KEVMedium · CVSS 6.7 · EPSS 91th2023-09-21
- CVE-2026-4370
Improper TLS Client/Server authentication and certificate verification on Database Cluster
Critical · CVSS 10.0 · EPSS 30th2026-04-01 - CVE-2025-68121
Unexpected session resumption in crypto/tls
Critical · CVSS 10.0 · EPSS 51th2026-02-05 - CVE-2024-5261Critical · CVSS 10.0 · EPSS 35th2024-06-25
- CVE-2026-59836Critical · CVSS 9.8 · EPSS 3th2026-07-14
- CVE-2026-32253
Sunshine: Authentication bypass via improper client certificate validation
Critical · CVSS 9.8 · EPSS 21th2026-05-22 - CVE-2026-40974Critical · CVSS 9.8 · EPSS 8th2026-04-27
- CVE-2026-20184
Cisco Webex Meetings Certificate Validation Vulnerability
Critical · CVSS 9.8 · EPSS 41th2026-04-15 - CVE-2026-2590Critical · CVSS 9.8 · EPSS 34th2026-03-03
Showing 12 of 678 recorded CWE-295 CVEs. Track new ones as they are published and get AI-written analysis and fixes.
Monitor CWE-295 vulnerabilitiesCommon consequences
What can happen when CWE-295 is exploited.
Bypass Protection Mechanism, Gain Privileges or Assume Identity
Affects: Integrity, Authentication
When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The product might connect to a malicious host while believing it is a trusted host, or the product might be deceived into accepting spoofed data that appears to originate from a trusted host.
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
Applies to
Technologies
How to prevent it
Practical mitigations for CWE-295, grouped by where in the lifecycle they apply.
Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
How to detect it
Automated Static Analysis - Binary or Bytecode
According to SOAR [REF-1479], the following detection techniques may be useful:
Effectiveness: SOAR Partial
Manual Static Analysis - Binary or Bytecode
According to SOAR [REF-1479], the following detection techniques may be useful:
Effectiveness: SOAR Partial
Dynamic Analysis with Automated Results Interpretation
According to SOAR [REF-1479], the following detection techniques may be useful:
Effectiveness: SOAR Partial
Dynamic Analysis with Manual Results Interpretation
According to SOAR [REF-1479], the following detection techniques may be useful:
Effectiveness: High
Manual Static Analysis - Source Code
According to SOAR [REF-1479], the following detection techniques may be useful:
Effectiveness: High
Automated Static Analysis - Source Code
According to SOAR [REF-1479], the following detection techniques may be useful:
Effectiveness: SOAR Partial
Architecture or Design Review
According to SOAR [REF-1479], the following detection techniques may be useful:
Effectiveness: High
Code examples
Illustrative examples from MITRE showing how the weakness appears in code.
This code checks the certificate of a connected peer.
Vulnerable example
if ((cert = SSL_get_peer_certificate(ssl)) && host)In this case, because the certificate is self-signed, there was no external authority that could prove the identity of the host. The program could be communicating with a different system that is spoofing the host, e.g. by poisoning the DNS cache or using an Adversary-in-the-Middle (AITM) attack to modify the traffic from server to client.
The following OpenSSL code obtains a certificate and verifies it.
Vulnerable example
cert = SSL_get_peer_certificate(ssl);Even though the "verify" step returns X509_V_OK, this step does not include checking the Common Name against the name of the host. That is, there is no guarantee that the certificate is for the desired host. The SSL connection could have been established with a malicious host that provided a valid certificate.
The following OpenSSL code ensures that there is a certificate and allows the use of expired certificates.
Vulnerable example
if (cert = SSL_get_peer(certificate(ssl)) {If the call to SSL_get_verify_result() returns X509_V_ERR_CERT_HAS_EXPIRED, this means that the certificate has expired. As time goes on, there is an increasing chance for attackers to compromise the certificate.
The following OpenSSL code ensures that there is a certificate before continuing execution.
Vulnerable example
if (cert = SSL_get_peer_certificate(ssl)) {Because this code does not use SSL_get_verify_results() to check the certificate, it could accept certificates that have been revoked (X509_V_ERR_CERT_REVOKED). The software could be communicating with a malicious host.
The following OpenSSL code ensures that the host has a certificate.
Vulnerable example
if (cert = SSL_get_peer_certificate(ssl)) {Note that the code does not call SSL_get_verify_result(ssl), which effectively disables the validation step that checks the certificate.
Illustrative examples
Real CVEs that MITRE cites as examples of this weakness.
- CVE-2019-12496 — A Go framework for robotics, drones, and IoT devices skips verification of root CA certificates by default.
- CVE-2014-1266 — Chain: incorrect "goto" in Apple SSL product bypasses certificate validation, allowing Adversary-in-the-Middle (AITM) attack (Apple "goto fail" bug). CWE-705 (Incorrect Control Flow Scoping) -> CWE-561 (Dead Code) -> CWE-295 (Improper Certificate Validation) -> CWE-393 (Return of Wrong Status Code) -> CWE-300 (Channel Accessible by Non-Endpoint). The code's whitespace indentation did not reflect the actual control flow (CWE-1114) and did not explicitly delimit the block (CWE-483), which could have made it more difficult for human code auditors to detect the vulnerability.
- CVE-2021-22909 — Chain: router's firmware update procedure uses curl with "-k" (insecure) option that disables certificate validation (CWE-295), allowing adversary-in-the-middle (AITM) compromise with a malicious firmware image (CWE-494).
- CVE-2008-4989 — Verification function trusts certificate chains in which the last certificate is self-signed.
- CVE-2012-5821 — Web browser uses a TLS-related function incorrectly, preventing it from verifying that a server's certificate is signed by a trusted certification authority (CA)
- CVE-2009-3046 — Web browser does not check if any intermediate certificates are revoked.
- CVE-2011-0199 — Operating system does not check Certificate Revocation List (CRL) in some cases, allowing spoofing using a revoked certificate.
- CVE-2012-5810 — Mobile banking application does not verify hostname, leading to financial loss.
- CVE-2012-3446 — Cloud-support library written in Python uses incorrect regular expression when matching hostname.
- CVE-2009-2408 — Web browser does not correctly handle '\0' character (NUL) in Common Name, allowing spoofing of https sites.
- CVE-2012-2993 — Smartphone device does not verify hostname, allowing spoofing of mail services.
- CVE-2012-5822 — Application uses third-party library that does not validate hostname.
- CVE-2012-5819 — Cloud storage management application does not validate hostname.
- CVE-2012-5817 — Java library uses JSSE SSLSocket and SSLEngine classes, which do not verify the hostname.
- CVE-2010-1378 — Chain: incorrect calculation (CWE-682) allows attackers to bypass certificate checks (CWE-295)
- CVE-2007-6746 — library for SSL and TLS does not check the activation or expiration dates of CA certificates
- CVE-2005-3170 — LDAP client accepts certificates even if they are not from a trusted CA.
- CVE-2009-0265 — chain: DNS server does not correctly check return value from the OpenSSL EVP_VerifyFinal function allows bypass of validation of the certificate chain.
- CVE-2003-1229 — chain: product checks if client is trusted when it intended to check if the server is trusted, allowing validation of signed code.
- CVE-2002-0862 — Cryptographic API, as used in web browsers, mail clients, and other software, does not properly validate Basic Constraints.
- CVE-2009-1358 — chain: OS package manager does not check properly check the return value, allowing bypass using a revoked certificate.
Terminology & mappings
Mapped taxonomies
- OWASP Top Ten 2004: Insecure Configuration Management (A10) — CWE More Specific fit
Attack patterns
CAPEC attack patterns that exploit this weakness.
Frequently asked questions
Common questions about CWE-295.
- What is CWE-295?
- The product does not validate, or incorrectly validates, a certificate.
- What CVEs are caused by CWE-295?
- 678 recorded CVEs are attributed to CWE-295, including CVE-2022-26923, CVE-2020-0601, CVE-2023-20963. 4 are listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
- Is CWE-295 part of the OWASP Top 10?
- CWE-295 maps to OWASP Top Ten 2004: Insecure Configuration Management (A10) in the OWASP security taxonomy.
- How do you prevent CWE-295?
- Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
- How is CWE-295 detected?
- Automated Static Analysis - Binary or Bytecode: According to SOAR [REF-1479], the following detection techniques may be useful:
- What are the consequences of CWE-295?
- Exploiting CWE-295 can lead to: Bypass Protection Mechanism, Gain Privileges or Assume Identity.
- Is CWE-295 actively exploited?
- Yes. 4 CWE-295 vulnerabilities are in CISA's KEV catalog of actively exploited flaws, out of 678 recorded CVEs.
References
- MITRE CWE definition (CWE-295) (opens in a new tab)
- CWE-295 vulnerabilities on NVD (opens in a new tab)
- Learn: What is a CWE?
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.
Stay ahead of CWE-295
Get alerted the moment a new CWE-295 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.