threat
engine
.sh
Back
·
··:··
Home
/
CWE
/
Improper Certificate Validation
Weakness
Improper Certificate Validation
CWE-295 · Base · Draft
The product does not validate, or incorrectly validates, a certificate.
△
Weakness Relationships
Where this weakness sits in the CWE hierarchy. Walk up to broader classes or down to more specific variants.
Parent of this (broader)
ChildOf
CWE-287 · Improper Authentication
Children (more specific)
ParentOf
CWE-296 · Improper Following of a Certificate's Chain of Trust
ParentOf
CWE-297 · Improper Validation of Certificate with Host Mismatch
ParentOf
CWE-298 · Improper Validation of Certificate Expiration
ParentOf
CWE-299 · Improper Check for Certificate Revocation
ParentOf
CWE-599 · Missing Validation of OpenSSL Certificate
Related
PeerOf
CWE-322 · Key Exchange without Entity Authentication
◆
Attack Patterns (CAPEC)
2
How adversaries exploit this weakness, per MITRE CAPEC.
CAPEC-459
Creating a Rogue Certification Authority Certificate
CAPEC-475
Signature Spoofing by Improper Validation
⚠
CVEs With This Weakness
1,606
A sample of the 1,606 CVEs tagged with this weakness.
CVE
CVE-2026-8367
CVE
CVE-2026-7821
CVE
CVE-2026-7009
CVE
CVE-2026-6860
CVE
CVE-2026-5787
CVE
CVE-2026-5501
CVE
CVE-2026-5263
CVE
CVE-2026-5194
CVE
CVE-2026-4873
CVE
CVE-2026-4740
CVE
CVE-2026-4587
CVE
CVE-2026-44700
External lookups - second-class, for what we don’t hold ourselves
MITRE CWE
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin