Vulnerability in Airtower-luna Mod_gnutls
CVE-2026-33308
Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Prior to version 0.13.0, code for client certificate verification did not check the key purpose as set in the Extended Key Usage extension. An attacker with access to the private…
Vulnerability class: Improper Certificate Validation
EPSS: 0.000 (3.7th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N.
Affected products
- Airtower-luna Mod_gnutls — versions < 0.13.0
Weakness classification (CWE)
References
- https://github.com/airtower-luna/mod_gnutls/security/advisories/GHSA-hm2g-m958-8qgh (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2026-33308?
- CVE-2026-33308 is a medium-severity vulnerability in Airtower-luna Mod_gnutls, classified under Improper Certificate Validation. CVSS score: 6.8/10. Published 2026-03-24.
- How severe is CVE-2026-33308?
- Medium severity. CVSS v3 base score is 6.8 out of 10.