Platform
go
Component
github.com/smallstep/certificates
Fixed versions
0.30.1
0.30.0
CVE-2026-30836 is a high-severity authorization bypass in Smallstep Certificates (step-ca), specifically in the SCEP (Simple Certificate Enrollment Protocol) provisioner. Because of the flaw, a SCEP request can result in certificate issuance without the provisioner's authorization checks being enforced, so an attacker who can reach the SCEP endpoint can obtain certificates from the CA. The vulnerability affects versions prior to 0.30.0; the fixed releases are listed above.
The impact follows directly from what a CA certificate is trusted for. A certificate obtained without authorization lets the attacker impersonate any identity the CA would issue for, and authenticate to every system that trusts the CA: TLS clients and servers, device fleets enrolled over SCEP, and identity-based access controls keyed on certificate identity. Since the certificate is genuinely issued by the CA, it is indistinguishable from a legitimate one to relying parties, which also makes the abuse hard to spot from the relying side; detection has to happen at the CA (issuance records and SCEP request logs). The blast radius is every system or service that trusts certificates issued by the vulnerable step-ca instance, and remediation may require revoking certificates issued during the exposure window.
CVE-2026-30836 was publicly disclosed on 2026-03-19. The severity is rated high because of the potential for unauthorized certificate issuance. No public proof-of-concept (PoC) code has been released as of this writing, and the EPSS score below (0.01%) reflects that no exploitation has been observed; however, the exploitation complexity described in the advisory is low, so the likelihood of abuse rises sharply if a PoC appears. It is not currently listed in the CISA KEV catalog.
Organizations that run Smallstep Certificates as a certificate authority with the SCEP provisioner enabled, particularly for device enrollment or automated certificate provisioning, are exposed. This includes teams managing PKI as infrastructure-as-code, IoT and device manufacturers that issue device certificates over SCEP, and organizations with legacy systems (for example MDM-enrolled endpoints or network equipment) that depend on SCEP for authentication.
• linux / server: Monitor the step-ca logs for unexpected SCEP requests and certificate issuance events. The unit name below is the one given on this page; adjust it to match how step-ca is installed on the host.
journalctl -u smallstep-ca | grep -i "scep"
• go / supply-chain: Check which version of github.com/smallstep/certificates each build pins (in go.mod, or with `go list -m github.com/smallstep/certificates` inside the module) and compare it against the fixed releases listed above. The fix concerns how the SCEP provisioner authorizes UpdateReq messages, so a pinned version older than 0.30.0 with the SCEP provisioner enabled is affected.
• generic web: If the SCEP endpoint of step-ca is reachable over the network, review the access logs for clients hitting the SCEP path that are not known enrollment systems.
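The supply-chain check above, written out as an added example. This is not code from the page or from the smallstep project: it parses a go.mod (a constructed sample is embedded below), finds the pinned version of github.com/smallstep/certificates, and compares it with the first fixed release stated on this page (v0.30.0). Pre-release and pseudo-versions such as v0.30.0-rc.1 are ordered before the release, so they are reported as affected rather than silently treated as fixed.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// Module path and first fixed release as listed on this page.
const (
	affectedModule = "github.com/smallstep/certificates"
	fixedVersion   = "v0.30.0"
)

// version is {major, minor, patch, release}; release is 1 for a final release
// and 0 for a pre-release or pseudo-version (v0.30.0-rc.1, v0.30.0-0.2024...),
// which semver orders before v0.30.0.
type version [4]int

// parseVersion accepts "v0.29.0", "v0.30.0-rc.1" and "v1.2.3+incompatible".
func parseVersion(v string) (version, error) {
	var out version
	v = strings.TrimPrefix(v, "v")
	if i := strings.Index(v, "+"); i >= 0 { // drop build metadata
		v = v[:i]
	}
	out[3] = 1
	if i := strings.Index(v, "-"); i >= 0 { // pre-release suffix
		out[3] = 0
		v = v[:i]
	}
	parts := strings.Split(v, ".")
	if len(parts) != 3 {
		return out, fmt.Errorf("not a vX.Y.Z version: %q", v)
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil {
			return out, fmt.Errorf("bad component %q in %q", p, v)
		}
		out[i] = n
	}
	return out, nil
}

// less reports whether a orders before b (lexicographic on the four fields).
func (a version) less(b version) bool {
	for i := range a {
		if a[i] != b[i] {
			return a[i] < b[i]
		}
	}
	return false
}

// requiredVersion returns the version go.mod pins for the affected module,
// from a one-line "require" or a "require ( ... )" block, or "" if absent.
func requiredVersion(gomod string) string {
	inBlock := false
	sc := bufio.NewScanner(strings.NewReader(gomod))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		fields := strings.Fields(line)
		switch {
		case strings.HasPrefix(line, "require ("):
			inBlock = true
		case inBlock && line == ")":
			inBlock = false
		case inBlock && len(fields) >= 2 && fields[0] == affectedModule:
			return fields[1]
		case !inBlock && len(fields) >= 3 && fields[0] == "require" && fields[1] == affectedModule:
			return fields[2]
		}
	}
	return ""
}

// IsAffected reports whether go.mod pins a version older than the first fixed
// release, and returns the pinned version for reporting. A go.mod that does
// not require the module at all is reported as not affected.
func IsAffected(gomod string) (bool, string, error) {
	pinned := requiredVersion(gomod)
	if pinned == "" {
		return false, "", nil
	}
	have, err := parseVersion(pinned)
	if err != nil {
		return false, pinned, err
	}
	fixed, _ := parseVersion(fixedVersion)
	return have.less(fixed), pinned, nil
}

// Constructed sample go.mod; not taken from any real project.
const sampleGoMod = `module example.com/internal-pki

go 1.22

require (
	github.com/smallstep/certificates v0.29.0
	github.com/smallstep/cli v0.28.0 // indirect
)
`

func main() {
	affected, pinned, err := IsAffected(sampleGoMod)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("%s %s affected by CVE-2026-30836: %v (fixed in %s)\n",
		affectedModule, pinned, affected, fixedVersion)
}
```

This only tells you what the go.mod pins. A `replace` directive or a vendored fork can override the requirement, so confirm with `go list -m github.com/smallstep/certificates` in the module, and check the version of any prebuilt step-ca binary separately; the check also does not tell you whether the SCEP provisioner is actually enabled, which is the other condition for exposure.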
disclosure
Exploitation status
EPSS
0.01% (1st percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-30836 is to upgrade Smallstep Certificates to version 0.30.0 or later. If an immediate upgrade is not feasible because of compatibility or downtime constraints, reduce exposure in the meantime: disable the SCEP provisioner if nothing depends on it, and otherwise restrict network access to the SCEP endpoint to the hosts that legitimately enroll through it. Note that network-level filtering cannot distinguish a legitimate SCEP message from a malicious one, since the relevant content is inside the PKCS#7-wrapped request body, so this only limits who can reach the endpoint and is not a substitute for the patch. Monitor SCEP request logs and issuance records for unexpected certificate requests during the exposure window. After upgrading, confirm the fix by sending a SCEP enrollment request without valid credentials (for example a wrong challenge password) and verifying that it is rejected.
Update Step CA to 0.30.0 or later. This version fixes a vulnerability that allowed unauthenticated certificate issuance via SCEP UpdateReq.
CVE-2026-30836 is a high-severity vulnerability in Smallstep Certificates that allows attackers to bypass authorization checks during SCEP certificate provisioning, leading to unauthorized certificate issuance.
If you run Smallstep Certificates at a version prior to 0.30.0 with the SCEP provisioner enabled, you are affected by this vulnerability.
Upgrade to Smallstep Certificates version 0.30.0 or later. As a temporary measure, disable the SCEP provisioner if it is unused, or restrict network access to the SCEP endpoint.
No public exploits are currently known, but the low exploitation complexity means abuse becomes likely if a PoC is developed.
Refer to the official Smallstep security advisory for detailed information and updates: [https://smallstep.com/security/advisories/CVE-2026-30836](https://smallstep.com/security/advisories/CVE-2026-30836)