Smallstep Certificates
3 CVEs affecting Smallstep Certificates. Latest disclosed: 2026-04-10. Critical: 1, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-30836 | Critical | 10.0 | 2026-03-19 | Step CA is an online certificate authority for secure, automated certificate management for DevOps. Versions 0.30.0-rc6 and below do not safeguard against unau… |
CVE-2025-66406 | Medium | 5.0 | 2025-12-03 | Step CA is an online certificate authority for secure, automated certificate management for DevOps. Prior to 0.29.0, there is an improper authorization check f… |
CVE-2026-40097 | Low | 3.7 | 2026-04-10 | Step CA is an online certificate authority for secure, automated certificate management for DevOps. From 0.24.0 to before 0.30.0-rc3, an attacker can trigger a… |