Smallstep Step-ca
3 CVEs affecting Smallstep Step-ca. Latest disclosed: 2026-04-10. Critical: 2, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-30836 | Critical | 10.0 | 2026-03-19 | Step CA is an online certificate authority for secure, automated certificate management for DevOps. Versions 0.30.0-rc6 and below do not safeguard against unau… |
CVE-2025-44005 | Critical | 10.0 | 2025-12-17 | An attacker can bypass authorization checks and force a Step CA ACME or SCEP provisioner to create certificates without completing certain protocol authorizati… |
CVE-2026-40097 | Low | 3.7 | 2026-04-10 | Step CA is an online certificate authority for secure, automated certificate management for DevOps. From 0.24.0 to before 0.30.0-rc3, an attacker can trigger a… |