CWE-297 · Improper Validation of Certificate with Host Mismatch
48 CVEs classified under CWE-297 (Improper Validation of Certificate with Host Mismatch). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2020-11050 | Critical | 9.0 | 2020-05-07 | In Java-WebSocket less than or equal to 1.4.1, there is an Improper Validation of Certificate with Host Mismatch where WebSocketClient does not perform SSL hos… |
| CVE-2021-21385 | High | 8.8 | 2021-03-24 | Mifos-Mobile Android Application for MifosX is an Android Application built on top of the MifosX Self-Service platform. Mifos-Mobile before commit e505f62 disa… |
| CVE-2026-35563 | High | 8.5 | 2026-06-01 | It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDAP hostname. While the… |
| CVE-2025-3501 | High | 8.2 | 2025-04-29 | A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended. |
| CVE-2026-42790 | High | 8.1 | 2026-05-27 | Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject Com… |
| CVE-2022-32153 | High | 8.1 | 2022-06-15 | Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates durin… |
| CVE-2018-10936 | High | 8.1 | 2018-08-30 | A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier wa… |
| CVE-2022-4967 | High | 7.7 | 2024-05-13 | strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When cert… |
| CVE-2023-5909 | High | 7.5 | 2023-11-30 | KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect. |
| CVE-2026-44393 | High | 7.4 | 2026-06-04 | An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3.0. The oslo.messaging RabbitMQ driver does not perform TLS hostname verification when co… |
| CVE-2026-41603 | High | 7.4 | 2026-04-28 | Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended… |
| CVE-2026-26214 | High | 7.4 | 2026-02-12 | Galaxy FDS Android SDK (XiaoMi/galaxy-fds-sdk-android) version 3.0.8 and prior disable TLS hostname verification when HTTPS is enabled (the default configurati… |
| CVE-2026-43869 | High | 7.3 | 2026-05-05 | Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended… |
| CVE-2024-12925 | High | 7.3 | 2025-09-01 | Improper Validation of Certificate with Host Mismatch vulnerability in Akınsoft QR Menü allows HTTP Response Splitting. This issue affects QR Menü: from s1.05… |
| CVE-2024-7346 | High | 7.2 | 2024-09-03 | Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked co… |
| CVE-2026-44467 | Medium | 6.8 | 2026-05-13 | The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. From 1.2581.0 to before 1.4304.0, Cla… |
| CVE-2025-25253 | Medium | 6.8 | 2025-10-14 | An Improper Validation of Certificate with Host Mismatch vulnerability [CWE-297] in FortiProxy version 7.6.1 and below, version 7.4.8 and below, 7.2 all versio… |
| CVE-2024-49782 | Medium | 6.8 | 2025-02-20 | IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to spoof mail server identity when using SSL/TLS security. An attacker could exploit th… |
| CVE-2021-33695 | Medium | 6.8 | 2021-09-15 | Potentially, SAP Cloud Connector, version - 2.0 communication with the backend is accepted without sufficient validation of the certificate. |
| CVE-2020-15260 | Medium | 6.8 | 2021-03-10 | PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN… |