Sign In

CVE-2026-30836

ADVISORY - github

Summary

⚠️ Limited Disclosure — Full Details Pending

A critical security vulnerability has been identified in Step CA. An updated version, v0.30.0, is available and all operators are strongly encouraged to upgrade immediately.

Full details of this vulnerability will be published in this security advisory on March 30, 2026. If you have urgent questions in the meantime, please contact security@smallstep.com.

EPSS Score: 0.00009 (0.009)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-287

Improper Authentication

CWE-295

Improper Certificate Validation

ADVISORY - github

CWE-287

Improper Authentication

CWE-295

Improper Certificate Validation

ADVISORY - redhat

CWE-306

Missing Authentication for Critical Function

Impacted images

Advisories
Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in