CVE-2026-8367
Severity CVSS v4.0:
Pending analysis
Type:
CWE-295
Improper Certificate Validation
Publication date:
13/05/2026
Last modified:
13/05/2026
Description
aria2c accepts a server certificate with incorrect Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a different purpose, they may be able to reuse it for TLS server authentication.
Impact
Base Score 3.x
4.80
Severity 3.x
MEDIUM



