CVE-2026-1858

CVE-2026-1858

Name

CVE-2026-1858

Description

wget2 accepts a server certificate with incorrect Key Usage (KU) or Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a different purpose, they may be able to reuse it for TLS server authentication.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
vulnreport@tenable.com	https://www.tenable.com/security/research/tra-2026-37

Type

URI

vulnreport@tenable.com

https://www.tenable.com/security/research/tra-2026-37

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:gnu:wget2::::::::`	wget2	>= None	<= 2.2.1

CPE URI

Source package

Min version

Max version

cpe:2.3:a:gnu:wget2:*:*:*:*:*:*:*:*

wget2

>= None

<= 2.2.1

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
wget2	edge-community	2.2.1-r1	Jingyun Hua <huajingyun@loongson.cn>	possibly vulnerable
wget2	edge-community	2.2.1-r0	Celeste <cielesti@protonmail.com>	possibly vulnerable
wget2	edge-community	2.2.0-r1	Celeste <cielesti@protonmail.com>	possibly vulnerable
wget2	edge-community	2.2.0-r0	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable
wget2	3.23-community	2.2.0-r1	Celeste <cielesti@protonmail.com>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

wget2

edge-community

2.2.1-r1

Jingyun Hua <huajingyun@loongson.cn>

possibly vulnerable

wget2

edge-community