CVE-2026-45574: CWE-295: Improper Certificate Validation in oviva-ag epa4all-client
CVE-2026-45574 is a high-severity vulnerability in oviva-ag's epa4all-client prior to version 1. 2. 2. The client improperly validates TLS certificates, allowing a network attacker to present any certificate—including self-signed, expired, or with incorrect common names—and intercept all SOAP traffic. This traffic includes sensitive patient identifiers, authentication and signing operations, document content, and credential exchanges. The vulnerability is fixed in version 1. 2. 2.
AI Analysis
Technical Summary
The epa4all-client, a Java client used in the Telematik Infrastruktur for ePA 3.0, suffers from improper certificate validation (CWE-295) before version 1.2.2. This flaw enables a man-in-the-middle attacker on the network path between the ePA service and the Konnektor to intercept and read all SOAP communications by presenting invalid TLS certificates without detection. The intercepted data includes highly sensitive information such as patient identifiers (KVNR), SMC-B card operations (authentication and signing), document contents, and credential exchanges. The vulnerability has a CVSS 3.1 score of 8.1, indicating high severity. The issue is resolved in epa4all-client version 1.2.2.
Potential Impact
An attacker positioned on the network path can intercept and decrypt sensitive SOAP traffic due to acceptance of any TLS certificate by vulnerable epa4all-client versions. This compromises confidentiality of patient identifiers, authentication credentials, document contents, and signing operations. There is no indication of impact on availability. No known exploits are reported in the wild at this time.
Mitigation Recommendations
Upgrade the epa4all-client to version 1.2.2 or later, where the improper certificate validation vulnerability is fixed. Since this is a client-side vulnerability and not a cloud service, applying this official fix is necessary to prevent interception of sensitive data. Patch status is confirmed by the vendor's versioning information. No alternative mitigations are indicated.
CVE-2026-45574: CWE-295: Improper Certificate Validation in oviva-ag epa4all-client
Description
CVE-2026-45574 is a high-severity vulnerability in oviva-ag's epa4all-client prior to version 1. 2. 2. The client improperly validates TLS certificates, allowing a network attacker to present any certificate—including self-signed, expired, or with incorrect common names—and intercept all SOAP traffic. This traffic includes sensitive patient identifiers, authentication and signing operations, document content, and credential exchanges. The vulnerability is fixed in version 1. 2. 2.
CVSS v3.1
Score 8.1high
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The epa4all-client, a Java client used in the Telematik Infrastruktur for ePA 3.0, suffers from improper certificate validation (CWE-295) before version 1.2.2. This flaw enables a man-in-the-middle attacker on the network path between the ePA service and the Konnektor to intercept and read all SOAP communications by presenting invalid TLS certificates without detection. The intercepted data includes highly sensitive information such as patient identifiers (KVNR), SMC-B card operations (authentication and signing), document contents, and credential exchanges. The vulnerability has a CVSS 3.1 score of 8.1, indicating high severity. The issue is resolved in epa4all-client version 1.2.2.
Potential Impact
An attacker positioned on the network path can intercept and decrypt sensitive SOAP traffic due to acceptance of any TLS certificate by vulnerable epa4all-client versions. This compromises confidentiality of patient identifiers, authentication credentials, document contents, and signing operations. There is no indication of impact on availability. No known exploits are reported in the wild at this time.
Mitigation Recommendations
Upgrade the epa4all-client to version 1.2.2 or later, where the improper certificate validation vulnerability is fixed. Since this is a client-side vulnerability and not a cloud service, applying this official fix is necessary to prevent interception of sensitive data. Patch status is confirmed by the vendor's versioning information. No alternative mitigations are indicated.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-05-12T19:00:14.600Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a161539e29bf47b506c53ad
Added to database: 5/26/2026, 9:48:41 PM
Last enriched: 5/26/2026, 10:03:36 PM
Last updated: 5/26/2026, 10:51:01 PM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.