CWE-295Improper Certificate Validation

Abstraction: Base · CVEs in our corpus: 1,342

The product does not validate, or incorrectly validates, a certificate.

Last updated: 09 May 2026 03:25 UTC

NIST 800-53 r5 controls that address this weakness (3)AI

Control	Title	Family	Why it addresses this CWE
`SC-17`	Public Key Infrastructure Certificates	SC	Mandates approved trust anchors and issuance policies, directly preventing acceptance of unvalidated or untrusted certificates.
`SC-45`	System Time Synchronization	SC	Correct system time is required for proper enforcement of certificate notBefore/notAfter dates and time-based revocation checks.
`SA-19`	Component Authenticity	SA	When certificates are used to establish component provenance, the control requires correct certificate validation procedures.

CVE	Risk	CVSS	EPSS	Published
`CVE-2020-0601` KEV	9.3	8.1	0.9409	2020-01-14
`CVE-2022-26923` KEV	9.2	8.8	0.9144	2022-05-10
`CVE-2015-3152`	4.3	5.9	0.5167	2016-05-16
`CVE-2022-20703` KEV	4.1	10.0	0.0200	2022-02-10
`CVE-2024-29050`	4.0	8.4	0.3830	2024-04-09
`CVE-2023-20963` KEV	3.7	7.8	0.0184	2023-03-24
`CVE-2024-49369`	3.5	9.8	0.2551	2024-11-12
`CVE-2023-41991` KEV	3.3	5.5	0.0355	2023-09-21
`CVE-2020-8289`	2.8	7.8	0.2054	2020-12-27
`CVE-2023-26463`	2.7	9.8	0.1154	2023-04-15
`CVE-2014-1266`	2.6	7.4	0.1790	2014-02-22
`CVE-2017-2800`	2.5	9.8	0.0889	2017-05-24
`CVE-2017-11770`	2.3	7.5	0.1368	2017-11-15
`CVE-2023-42425`	2.3	9.8	0.0495	2023-10-31
`CVE-2015-2320`	2.2	9.8	0.0483	2018-01-08
`CVE-2018-8034`	2.2	7.5	0.1172	2018-08-01
`CVE-2021-33907`	2.2	9.8	0.0325	2021-09-27
`CVE-2012-2993`	2.1	5.9	0.1469	2012-09-18
`CVE-2018-4991`	2.1	9.8	0.0216	2018-05-19
`CVE-2018-21029`	2.1	9.8	0.0156	2019-10-30
`CVE-2020-1952`	2.1	9.8	0.0165	2020-04-27
`CVE-2019-18847`	2.1	9.8	0.0261	2020-08-26
`CVE-2023-27823`	2.1	9.8	0.0194	2023-05-12
`CVE-2024-20080`	2.1	9.8	0.0236	2024-07-01
`CVE-2025-29331`	2.1	9.8	0.0190	2025-06-26