Smallstep Step-ca

3 CVEs affecting Smallstep Step-ca. Latest disclosed: 2026-04-10. Critical: 2, High: 0.

Top CVEs affecting Smallstep Step-ca
CVESeverityScorePublishedSummary
CVE-2026-30836Critical10.02026-03-19Step CA is an online certificate authority for secure, automated certificate management for DevOps. Versions 0.30.0-rc6 and below do not safeguard against unau…
CVE-2025-44005Critical10.02025-12-17An attacker can bypass authorization checks and force a Step CA ACME or SCEP provisioner to create certificates without completing certain protocol authorizati…
CVE-2026-40097Low3.72026-04-10Step CA is an online certificate authority for secure, automated certificate management for DevOps. From 0.24.0 to before 0.30.0-rc3, an attacker can trigger a…