Cyber Posture

CVE-2026-45575

High
Microsoft: not affectedMSmacOS: not affectedMacLinux: not affectedLnxMobile: not affectedMobNetwork: not affectedNetApplication: not affectedAppOther: affectedOth

Published: 26 May 2026

Published
26 May 2026
Modified
27 May 2026
KEV Added
Patch
CVSS Score 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score 0.0001 1.7th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-45575 is a high-severity Improper Verification of Cryptographic Signature (CWE-347) vulnerability. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Steal Application Access Token (T1528); ranked at the 1.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Steal Application Access Token (T1528).
Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

CM-14 Signed Components
addresses: CWE-347

Requires verification of digital signatures using organization-approved certificates before installation, directly preventing improper verification of cryptographic signatures.

SA-19 Component Authenticity
addresses: CWE-347

Component authenticity commonly depends on cryptographic signatures; the control enforces proper verification of those signatures.

SC-17 Public Key Infrastructure Certificates
addresses: CWE-347

PKI certificates under an approved policy require cryptographic signature verification on issuance and validation.

SC-20 Secure Name/Address Resolution Service (Authoritative Source)
addresses: CWE-347

Requires cryptographic signatures on authoritative data and support for verifying the chain of trust.

SC-21 Secure Name/Address Resolution Service (Recursive or Caching Resolver)
addresses: CWE-347

Mandates verification of cryptographic signatures (e.g., DNSSEC RRSIG) on resolution responses, addressing missing or bypassed signature checks.

SI-7 Software, Firmware, and Information Integrity
addresses: CWE-347

Integrity tools commonly rely on cryptographic signatures whose improper validation this weakness covers.

SR-11 Component Authenticity
addresses: CWE-347

Authenticity validation commonly relies on cryptographic signature or certificate checks that this control enforces.

MITRE ATT&CK Enterprise TechniquesAI

T1528 Steal Application Access Token Credential Access
Adversaries can steal application access tokens as a means of acquiring credentials to access remote systems and resources.
attack.mitre.org →
Why these techniques?

Vulnerability enables capture of signed auth material (application access token) via forged discovery document due to missing signature verification (CWE-347) during MITM.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker who can MITM the TLS connection between the client and the IDP (within the TI network) can substitute a forged discovery…

more

document. The forged document redirects uri_puk_idp_enc and uri_puk_idp_sig to attacker-controlled URLs. The client then encrypts the SMC-B-signed challenge response to the attacker's encryption key and POSTs it to the attacker's auth endpoint. This captures the signed authentication material. This vulnerability is fixed in 1.2.2.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s)
CWE-347
OWASP Top 10 Web 2025
A04:2025

References