CVE-2026-1858

· NIST NVD ↗

wget2 accepts a server certificate with incorrect Key Usage (KU) or Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a different purpose, they may be able to reuse it for TLS server authentication.

MEDIUM
CVSS severity
4.8
CVSS base score
2026-04-29
Published

CWE codes

CWE-20

Affected products

gnu:wget2

Sources