CVE-2026-40944
Oxia: TLS CA certificate chain validation fails with multi-certificate PEM bundles
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
Oxia is a metadata store and coordination system. Prior to 0.16.2, the trustedCertPool() function in the TLS configuration only parses the first PEM block from CA certificate files. When a CA bundle contains multiple certificates (e.g., intermediate + root CA), only the first certificate is loaded. This silently breaks certificate chain validation for mTLS. This vulnerability is fixed in 0.16.2.
| CWE | CWE-295 |
| Vendor | oxia-db |
| Product | oxia |
| Published | Apr 21, 2026 |
Affected Versions
oxia-db / oxia
< 0.16.2
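The failure mode described above, reproduced as an added Go example that is not Oxia's code: `issue`, `loadCAPool` and `peerTrusted` are hypothetical names, and the two CAs and the peer certificate are constructed in-process. It assumes a bundle holding two independent CAs; a loader that stops after the first PEM block rejects a peer issued by the second CA, while a loader that reads every block accepts it.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// issue makes a constructed test certificate; a nil parent yields a self-signed CA.
func issue(cn string, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		tpl.IsCA, tpl.BasicConstraintsValid, parent, signer = true, true, tpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, parent, pub, signer)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// loadCAPool (hypothetical) loads at most maxBlocks PEM blocks: 1 reproduces the flaw, -1 reads all.
func loadCAPool(bundle []byte, maxBlocks int) *x509.CertPool {
	pool := x509.NewCertPool()
	for block, rest := pem.Decode(bundle); block != nil && maxBlocks != 0; block, rest = pem.Decode(rest) {
		if c, err := x509.ParseCertificate(block.Bytes); err == nil {
			pool.AddCert(c)
		}
		maxBlocks--
	}
	return pool
}

// peerTrusted verifies a peer certificate issued by the bundle's second CA against the loaded pool.
func peerTrusted(maxBlocks int) bool {
	caA, _ := issue("ca-a", nil, nil)
	caB, keyB := issue("ca-b", nil, nil)
	peer, _ := issue("peer", caB, keyB)
	bundle := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: caA.Raw})
	bundle = append(bundle, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: caB.Raw})...)
	_, err := peer.Verify(x509.VerifyOptions{Roots: loadCAPool(bundle, maxBlocks)})
	return err == nil
}

func main() { fmt.Println("first block only:", peerTrusted(1), "| whole bundle:", peerTrusted(-1)) }
```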