VDB
CLEANSTART-2026-AF45008
CLEANSTART-2026-AF45008
PUBLISHED
CVSS 9.800000190734863 CRITICAL
When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| CleanStart | nginx | 0 |
Exploit Intelligence
- HTTP/2 attack simulation & defense lab - Slowloris, Rapid Reset (CVE-2023-44487), HPACK Bomb attacks with 5 layered defenses. Built in pure Python with raw sockets and h2 library. (github-poc-repo)
- HTTP/2 attack simulation & defense lab - Slowloris, Rapid Reset (CVE-2023-44487), HPACK Bomb attacks with 5 layered defenses. Built in pure Python with raw sockets and h2 library. (github-poc-repo)
- HTTP/2 attack simulation & defense lab - Slowloris, Rapid Reset (CVE-2023-44487), HPACK Bomb attacks with 5 layered defenses. Built in pure Python with raw sockets and h2 library. (github-poc)
- HTTP/2 attack simulation & defense lab - Slowloris, Rapid Reset (CVE-2023-44487), HPACK Bomb attacks with 5 layered defenses. Built in pure Python with raw sockets and h2 library. (github-poc)
- Educational environment for LTAT.04.022 Homework 4. (github-poc-repo)
- Educational environment for LTAT.04.022 Homework 4. (github-poc-repo)
- Educational environment for LTAT.04.022 Homework 4. (github-poc)
- Educational environment for LTAT.04.022 Homework 4. (github-poc)
- liusec/CVE-2017-7529 (github-poc-repo)
- liusec/CVE-2017-7529 (github-poc-repo)
…and 272 more exploits
Timeline
- Apr 21, 2026 CVE Published
- Apr 23, 2026 CVE Updated
References
- https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-AF45008.json advisory
- https://osv.dev/vulnerability/CVE-2017-7529 url
- https://osv.dev/vulnerability/CVE-2018-16845 url
- https://osv.dev/vulnerability/CVE-2019-20372 url
- https://osv.dev/vulnerability/CVE-2019-9511 url
- https://osv.dev/vulnerability/CVE-2019-9513 url
- https://osv.dev/vulnerability/CVE-2019-9516 url
- https://osv.dev/vulnerability/CVE-2021-23017 url
- https://osv.dev/vulnerability/CVE-2021-46461 url
- https://osv.dev/vulnerability/CVE-2021-46462 url
- https://osv.dev/vulnerability/CVE-2021-46463 url
- https://osv.dev/vulnerability/CVE-2022-25139 url
- https://osv.dev/vulnerability/CVE-2022-41741 url
- https://osv.dev/vulnerability/CVE-2022-41742 url
- https://osv.dev/vulnerability/CVE-2023-44487 url
- https://osv.dev/vulnerability/CVE-2024-7347 url
- https://osv.dev/vulnerability/CVE-2025-23419 url
- https://nvd.nist.gov/vuln/detail/CVE-2017-7529 url
- https://nvd.nist.gov/vuln/detail/CVE-2018-16845 url
- https://nvd.nist.gov/vuln/detail/CVE-2019-20372 url
…and 13 more