Vulnerabilities in smallstep
4 results

CVE-2025-44005 | CRITICAL | An attacker can bypass authorization checks and force a Step CA ACME or SCEP provisioner to create certificates without completing certain p | EPSS 3.3%
CVE-2026-30836 | CRITICAL | Step CA: Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18) | EPSS 0.3%
CVE-2026-40097 | LOW | Step CA affected by an index out of bounds panic in TPM attestation EKU validation | EPSS 0.2%
CVE-2025-66406 | MEDIUM | Improper Authorization Check for SSH Certificate Revocation | EPSS 0.1%