Vulnerability in Oxia-db Oxia
CVE-2026-40944
Oxia is a metadata store and coordination system. Prior to 0.16.2, the trustedCertPool() function in the TLS configuration only parses the first PEM block from CA certificate files. When a CA bundle contains multiple certificates (e.g., in…
Vulnerability class: Improper Certificate Validation
EPSS: 0.000 (10.2th percentile)
Affected products
- Oxia-db Oxia — versions < 0.16.2
Weakness classification (CWE)
References
- https://github.com/oxia-db/oxia/security/advisories/GHSA-7jrq-q4pq-rhm6 (x_refsource_CONFIRM)