CWE-599: Missing Validation of OpenSSL Certificate
The product uses OpenSSL and trusts or uses a certificate without using the SSL_get_verify_result() function to ensure that the certificate satisfies all necessary security requirements.
Overview
CWE-599 (Missing Validation of OpenSSL Certificate) is a variant-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
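The gap the definition describes, as an added example (not part of the original page or of any project's code): a client that treats the mere presence of a peer certificate as trust, next to a check that also requires `X509_V_OK`. It uses Ruby's OpenSSL binding, whose `verify_result` wraps `SSL_get_verify_result()`; the self-signed identity, the in-process socket pair and all function names are constructed for the illustration.

```ruby
require "openssl"
require "socket"

# Constructed identity: a throwaway self-signed certificate that no trust
# store knows about, standing in for a certificate that must not be trusted.
def self_signed_identity
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=untrusted.example")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [key, cert]
end

# TLS handshake over an in-process socket pair with the client left at
# VERIFY_NONE: OpenSSL records the verification verdict but does not abort.
def handshake_without_enforcement
  key, cert = self_signed_identity
  sctx = OpenSSL::SSL::SSLContext.new
  sctx.cert = cert
  sctx.key = key
  cctx = OpenSSL::SSL::SSLContext.new
  cctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
  c_io, s_io = UNIXSocket.pair
  server = Thread.new { OpenSSL::SSL::SSLSocket.new(s_io, sctx).accept }
  client = OpenSSL::SSL::SSLSocket.new(c_io, cctx).connect
  server.join
  client
end

# CWE-599 pattern: "a certificate was presented" is taken as trust.
def weak_trust?(ssl)
  !ssl.peer_cert.nil?
end

# Corrected check: require a certificate AND an X509_V_OK verdict. Both are
# needed because the verify result is also X509_V_OK when no certificate
# was presented at all.
def strict_trust?(ssl)
  !ssl.peer_cert.nil? && ssl.verify_result == OpenSSL::X509::V_OK
end

if __FILE__ == $PROGRAM_NAME
  ssl = handshake_without_enforcement
  puts "weak=#{weak_trust?(ssl)} strict=#{strict_trust?(ssl)} code=#{ssl.verify_result}"
end
```

Setting the client context to `VERIFY_PEER` with a populated trust store makes the handshake itself fail on such a certificate; the explicit result check remains the safeguard wherever verification is not enforced during the handshake.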
Real-world CVEs
11 recorded CVEs are caused by CWE-599 (Missing Validation of OpenSSL Certificate). The highest-severity and most recent are shown first. 1 new CWE-599 CVE has been recorded so far in 2026 (5 in 2025).