CWE-296: Improper Following of a Certificate's Chain of Trust
Abstraction: Base. Status: Draft.
Description
The product does not follow, or incorrectly follows, the chain of trust for a certificate back to a trusted root certificate.
Common consequences
- Non-Repudiation → Hide Activities: exploitation of this flaw can lead to the trust of data that may have originated with a spoofed source.
- Integrity, Confidentiality, Availability, Access Control → Gain Privileges or Assume Identity; Execute Unauthorized Code or Commands: data, requests, or actions taken by the attacking entity can be carried out as a spoofed benign entity.
Potential mitigations
- Architecture and Design: Ensure that proper certificate checking is included in the system design.
- Implementation: Understand, and properly implement, all checks necessary to ensure the integrity of the certificate's chain of trust, from the presented leaf certificate through any intermediates to a trusted root.
- Implementation: If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the full chain of trust.
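As an added illustration that is not part of the CWE entry, the Go program below builds a throwaway certificate hierarchy in memory and contrasts the weakness with the mitigations above. `VerifyOnlyIssuerSignature` checks only that the leaf was signed by whatever issuer the peer presented, which is the CWE-296 pattern; `VerifyChainToRoot` requires a path from the leaf through the presented intermediates to a configured trust anchor, with validity, basic-constraints, key-usage and hostname checks on every link. The CA names, the hostname `api.example.test` and all certificates are constructed for the example and are not real.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Host is the hypothetical name both the genuine and the rogue leaf are issued for.
const Host = "api.example.test"

// PKI is a constructed in-memory hierarchy (root -> intermediate -> leaf) plus a
// rogue self-signed CA and a leaf it issued for the same Host. Nothing here is real.
type PKI struct {
	Root, Intermediate, Leaf, RogueCA, RogueLeaf *x509.Certificate
}

func template(cn string, serial int64, isCA bool) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, IsCA: isCA}
	if isCA {
		t.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	} else {
		t.KeyUsage, t.DNSNames = x509.KeyUsageDigitalSignature, []string{Host}
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	return t
}

// issue generates a P-256 key for tmpl and has parentKey sign it; parent == nil yields a self-signed cert.
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

func BuildPKI() (*PKI, error) {
	p := &PKI{}
	var rootKey, interKey, rogueKey *ecdsa.PrivateKey
	var err error
	if p.Root, rootKey, err = issue(template("Test Root CA", 1, true), nil, nil); err != nil {
		return nil, err
	}
	if p.Intermediate, interKey, err = issue(template("Test Intermediate CA", 2, true), p.Root, rootKey); err != nil {
		return nil, err
	}
	if p.Leaf, _, err = issue(template(Host, 3, false), p.Intermediate, interKey); err != nil {
		return nil, err
	}
	if p.RogueCA, rogueKey, err = issue(template("Rogue CA", 4, true), nil, nil); err != nil {
		return nil, err
	}
	p.RogueLeaf, _, err = issue(template(Host, 5, false), p.RogueCA, rogueKey)
	return p, err
}

// VerifyOnlyIssuerSignature is the CWE-296 pattern: the leaf is checked against whatever
// issuer the peer presented, never against the trust store, so a rogue CA passes.
func VerifyOnlyIssuerSignature(leaf, issuer *x509.Certificate) error {
	return leaf.CheckSignatureFrom(issuer)
}

// VerifyChainToRoot is the correct check: a path must run from leaf through the presented
// intermediates to a trust-store root, with validity, constraints and hostname checked per link.
func VerifyChainToRoot(leaf *x509.Certificate, presented, roots []*x509.Certificate, host string) error {
	rootPool, interPool := x509.NewCertPool(), x509.NewCertPool()
	for _, r := range roots {
		rootPool.AddCert(r)
	}
	for _, c := range presented {
		interPool.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: rootPool, Intermediates: interPool, DNSName: host})
	return err
}

func main() {
	p, err := BuildPKI()
	if err != nil {
		panic(err)
	}
	trust := []*x509.Certificate{p.Root}
	fmt.Println("flawed check, rogue chain:", VerifyOnlyIssuerSignature(p.RogueLeaf, p.RogueCA))
	fmt.Println("full check, rogue chain:", VerifyChainToRoot(p.RogueLeaf, []*x509.Certificate{p.RogueCA}, trust, Host))
	fmt.Println("full check, genuine chain:", VerifyChainToRoot(p.Leaf, []*x509.Certificate{p.Intermediate}, trust, Host))
}
```

The flawed check accepts the rogue chain because the attacker controls both the leaf and the "issuer" it is checked against; the full check rejects it because the rogue CA is not in the trust store, and it also rejects a genuine leaf whose intermediate is missing or whose hostname does not match. For the pinning mitigation, the same ordering applies: compute and compare a pin only for a leaf that has already passed `VerifyChainToRoot`, never as a substitute for it. In Go, `crypto/tls` performs this chain validation against the system roots by default; setting `InsecureSkipVerify` is what reintroduces the weakness.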