{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2026-33896", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-24T15:41:47.490Z", "datePublished": "2026-03-27T20:50:03.418Z", "dateUpdated": "2026-07-15T01:05:26.789Z" }, "containers": { "cna": { "title": "Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)", "problemTypes": [ { "descriptions": [ { "cweId": "CWE-295", "lang": "en", "description": "CWE-295: Improper Certificate Validation", "type": "CWE" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } } ], "references": [ { "name": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-2328-f5f3-gj25", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-2328-f5f3-gj25" }, { "name": "https://github.com/digitalbazaar/forge/commit/2e492832fb25227e6b647cbe1ac981c123171e90", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/digitalbazaar/forge/commit/2e492832fb25227e6b647cbe1ac981c123171e90" } ], "affected": [ { "vendor": "digitalbazaar", "product": "forge", "versions": [ { "version": "< 1.4.0", "status": "affected" } ] } ], "providerMetadata": { "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-27T20:50:03.418Z" }, "descriptions": [ { "lang": "en", "value": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, `pki.verifyCertificateChain()` does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the `basicConstraints` and `keyUsage` extensions. This allows any leaf certificate (without these extensions) to act as a CA and sign other certificates, which node-forge will accept as valid. Version 1.4.0 patches the issue." } ], "source": { "advisory": "GHSA-2328-f5f3-gj25", "discovery": "UNKNOWN" } }, "adp": [ { "references": [ { "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-2328-f5f3-gj25", "tags": [ "exploit" ] } ], "metrics": [ { "other": { "type": "ssvc", "content": { "timestamp": "2026-03-30T18:53:46.442762Z", "id": "CVE-2026-33896", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T18:53:50.510Z" } }, { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ansible_automation_platform:2.5::el8" ], "defaultStatus": "affected", "packageName": "automation-gateway", "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.5.20260422-3.el8ap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ansible_automation_platform:2.5::el9" ], "defaultStatus": "affected", "packageName": "automation-gateway", "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.5.20260422-3.el9ap", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:cluster_observability_operator:1.5::el9" ], "defaultStatus": "affected", "packageName": "cluster-observability-operator/logging-console-plugin-pf4-rhel9", "product": "Cluster Observability Operator 1.5.0", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1782839279", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:rhdh:1.8::el9" ], "defaultStatus": "affected", "packageName": "rhdh/rhdh-hub-rhel9", "product": "Red Hat Developer Hub 1.8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1776784286", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:rhdh:1.9::el9" ], "defaultStatus": "affected", "packageName": "rhdh/rhdh-hub-rhel9", "product": "Red Hat Developer Hub 1.9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1777903262", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:cryostat:4" ], "defaultStatus": "unaffected", "packageName": "io.cryostat-cryostat", "product": "Cryostat 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:logging:5" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch6-rhel9", "product": "Logging Subsystem for Red Hat OpenShift", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:logging:5" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch-operator-bundle", "product": "Logging Subsystem for Red Hat OpenShift", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:logging:5" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch-proxy-rhel9", "product": "Logging Subsystem for Red Hat OpenShift", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:logging:5" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch-rhel9-operator", "product": "Logging Subsystem for Red Hat OpenShift", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:logging:5" ], "defaultStatus": "affected", "packageName": "openshift-logging/kibana6-rhel8", "product": "Logging Subsystem for Red Hat OpenShift", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:logging:5" ], "defaultStatus": "affected", "packageName": "openshift-logging/logging-curator5-rhel9", "product": "Logging Subsystem for Red Hat OpenShift", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ansible_automation_platform:2" ], "defaultStatus": "unaffected", "packageName": "automation-eda-controller", "product": "Red Hat Ansible Automation Platform 2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ansible_automation_platform:2" ], "defaultStatus": "unaffected", "packageName": "automation-platform-ui", "product": "Red Hat Ansible Automation Platform 2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:apache_camel_hawtio:4" ], "defaultStatus": "unaffected", "packageName": "io.hawt-project", "product": "Red Hat build of Apache Camel - HawtIO 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:service_registry:2" ], "defaultStatus": "affected", "packageName": "io.apicurio-apicurio-registry", "product": "Red Hat build of Apicurio Registry 2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:podman_desktop:1" ], "defaultStatus": "affected", "packageName": "podman-desktop-macos-1-0", "product": "Red Hat Build of Podman Desktop", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:podman_desktop:1" ], "defaultStatus": "affected", "packageName": "podman-desktop-windows-1-0", "product": "Red Hat Build of Podman Desktop", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_data_grid:8" ], "defaultStatus": "affected", "packageName": "org.infinispan-infinispan-console", "product": "Red Hat Data Grid 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:10" ], "defaultStatus": "unaffected", "packageName": "grafana", "product": "Red Hat Enterprise Linux 10", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "pcs", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "unaffected", "packageName": "grafana", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "pcs", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_fuse:7" ], "defaultStatus": "affected", "packageName": "io.apicurio-apicurito", "product": "Red Hat Fuse 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_fuse:7" ], "defaultStatus": "affected", "packageName": "io.syndesis-syndesis-parent", "product": "Red Hat Fuse 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" ], "defaultStatus": "unaffected", "packageName": "org.uberfire-uberfire-parent", "product": "Red Hat Process Automation 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:quay:3" ], "defaultStatus": "affected", "packageName": "quay/quay-rhel8", "product": "Red Hat Quay 3", "vendor": "Red Hat" } ], "datePublic": "2026-03-27T20:50:03.418Z", "descriptions": [ { "lang": "en", "value": "A flaw was found in Forge (also known as node-forge), a JavaScript implementation of Transport Layer Security (TLS). The `pki.verifyCertificateChain()` function does not properly enforce certificate validation rules. This oversight allows an intermediate certificate that lacks specific security extensions to enable any leaf certificate to function as a Certificate Authority (CA) and sign other certificates. Consequently, node-forge could accept these unauthorized certificates as valid, potentially leading to spoofing or the issuance of illegitimate certificates." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-295", "description": "Improper Certificate Validation", "lang": "en", "type": "CWE" } ] } ], "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2026-33896" }, { "name": "RHBZ#2452458", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452458" }, { "tags": [ "x_sadp-csaf-vex" ], "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33896.json" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:24761" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:34342" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:9742" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:13826" } ], "solutions": [ { "lang": "en", "value": "RHSA-2026:24761: Red Hat Ansible Automation Platform 2.5 for RHEL 8, Red Hat Ansible Automation Platform 2.5 for RHEL 9" }, { "lang": "en", "value": "RHSA-2026:34342: Cluster Observability Operator 1.5.0" }, { "lang": "en", "value": "RHSA-2026:9742: Red Hat Developer Hub 1.8" }, { "lang": "en", "value": "RHSA-2026:13826: Red Hat Developer Hub 1.9" } ], "timeline": [ { "lang": "en", "time": "2026-03-27T21:02:22.762Z", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2026-03-27T20:50:03.418Z", "value": "Made public." } ], "title": "node-forge: Forge (node-forge): Certificate validation bypass allows unauthorized certificate issuance", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_adpType": "supplier", "x_generator": { "engine": "sadp-cli 1.0.0" }, "providerMetadata": { "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c", "shortName": "redhat-SADP", "dateUpdated": "2026-07-15T01:05:26.789Z" } } ] } }