Base · Draft

CWE-296: Improper Following of a Certificate's Chain of Trust

Category: other

Description

The product does not follow, or incorrectly follows, the chain of trust for a certificate back to a trusted root certificate.

Common consequences · 2

  • Non-Repudiation — Hide Activities
    Exploitation of this flaw can lead to trusting data that may have originated from a spoofed source.
  • Integrity / Confidentiality / Availability / Access Control — Gain Privileges or Assume Identity, Execute Unauthorized Code or Commands
    Data, requests, or actions taken by the attacking entity can be carried out as a spoofed benign entity.

Potential mitigations · 3

  • [Architecture and Design] Ensure that proper certificate checking is included in the system design.
  • [Implementation] Understand, and properly implement, all checks necessary to ensure the integrity of certificate trust.
  • [Implementation] If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the full chain of trust.
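
As an added illustration of the last two mitigations (not part of the CWE entry or any MITRE code): the Go program below, using only the standard library, builds a constructed test PKI, then contrasts a CWE-296-style check that only compares the leaf's Issuer name against the trusted root with a verifier that follows the chain, signature by signature, back to that root. An attacker-made root that merely reuses the trusted root's name passes the first check and fails the second. All names and keys (`Example Root CA`, `example.test`, the helper `mkCert`) are constructed test data, not values from this page.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// mkCert issues a constructed test certificate for cn signed by parent/pkey; a nil parent means a self-signed root.
func mkCert(cn string, isCA bool, parent *x509.Certificate, pkey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	sn, _ := rand.Int(rand.Reader, big.NewInt(1<<62))
	tmpl := &x509.Certificate{SerialNumber: sn, Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), IsCA: isCA, BasicConstraintsValid: true}
	if parent == nil { parent, pkey = tmpl, key } // self-signed: the template is its own issuer
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, pkey)
	if err != nil { panic(err) }
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// WeakIssuerCheck is the CWE-296 pattern: trust the leaf because its Issuer name matches the root's Subject; no signature is verified.
func WeakIssuerCheck(leaf, root *x509.Certificate) bool {
	return leaf.Issuer.CommonName == root.Subject.CommonName
}

// VerifyChain follows leaf -> intermediates -> trusted root, checking every signature, validity period, CA constraint and the hostname.
func VerifyChain(leaf *x509.Certificate, inters []*x509.Certificate, root *x509.Certificate, host string) error {
	roots, pool := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	for _, c := range inters { pool.AddCert(c) }
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: pool, DNSName: host})
	return err // nil means the chain ends at the trusted root
}

// Scenario returns (weakCheckAcceptsRogue, chainCheckRejectsRogue, chainCheckAcceptsLegit).
func Scenario() (bool, bool, bool) {
	root, rootKey := mkCert("Example Root CA", true, nil, nil)
	inter, interKey := mkCert("Example Issuing CA", true, root, rootKey)
	leaf, _ := mkCert("example.test", false, inter, interKey)
	rogueRoot, rogueKey := mkCert("Example Root CA", true, nil, nil) // attacker's own root with the same name
	rogueLeaf, _ := mkCert("example.test", false, rogueRoot, rogueKey)
	return WeakIssuerCheck(rogueLeaf, root),
		VerifyChain(rogueLeaf, nil, root, "example.test") != nil,
		VerifyChain(leaf, []*x509.Certificate{inter}, root, "example.test") == nil
}
```

A pinning implementation should run the same full-chain verification before it records a certificate's fingerprint, otherwise the pin locks in whatever the weak check accepted.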

References

  1. https://cwe.mitre.org/data/definitions/296.html

Incoming · 3

Type           Target          Confidence  Tier
Vulnerability  CVE-2025-1146   0%          live
Vulnerability  CVE-2025-48057  0%          live
Vulnerability  CVE-2026-27134  0%          live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Improper Certificate Validation
  • CWE: Improper Validation of Certificate with Host Mismatch
  • CWE: Improper Verification of Cryptographic Signature
  • CWE: Missing Validation of OpenSSL Certificate
  • CWE: Improper Check for Certificate Revocation
  • CWE: Insufficient Verification of Data Authenticity

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.