CVE-2026-45575: Insecure HostnameVerifier Chain Iteration
greprules fetch cve-2026-45575-insecure-hostnameverifier-chain-iteration --engine opengrep
Description
Iterating over the entire certificate chain (via `getPeerCertificates()`) to verify a hostname or Subject Alternative Name (SAN) is insecure. Only the leaf certificate (index 0) represents the actual peer server identity. Validating every certificate in the chain allows a Man-in-the-Middle (MITM) attacker to append a forged intermediate certificate containin
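The flagged pattern next to a leaf-only verifier, as an added example (not code from this rule or from any affected project). The class name, the `sanMatches` helper and its exact-match dNSName comparison are assumptions made for illustration; wildcard matching is omitted.

```java
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

public final class LeafOnlyVerifiers { // hypothetical class name
    private static final int SAN_DNS_NAME = 2; // GeneralName type dNSName (RFC 5280)
    // Hypothetical helper: exact, case-insensitive dNSName match; wildcards omitted.
    static boolean sanMatches(X509Certificate cert, String host) {
        try {
            Collection<List<?>> sans = cert.getSubjectAlternativeNames();
            if (sans == null) return false; // no SAN extension present
            for (List<?> san : sans) {
                if (san.size() >= 2 && Integer.valueOf(SAN_DNS_NAME).equals(san.get(0))
                        && String.valueOf(san.get(1)).equalsIgnoreCase(host)) {
                    return true;
                }
            }
            return false;
        } catch (CertificateParsingException e) {
            return false; // fail closed on a malformed SAN extension
        }
    }

    // Flagged pattern: a matching SAN on ANY certificate in the chain is accepted.
    static final HostnameVerifier CHAIN_ITERATING = (host, session) -> {
        try {
            for (Certificate c : session.getPeerCertificates()) {
                if (c instanceof X509Certificate && sanMatches((X509Certificate) c, host)) return true;
            }
        } catch (SSLPeerUnverifiedException e) { /* no peer identity: reject below */ }
        return false;
    };

    // Hardened form: only index 0, the peer's own (leaf) certificate, is consulted.
    static final HostnameVerifier LEAF_ONLY = (host, session) -> {
        try {
            Certificate[] chain = session.getPeerCertificates();
            return chain.length > 0 && chain[0] instanceof X509Certificate
                    && sanMatches((X509Certificate) chain[0], host);
        } catch (SSLPeerUnverifiedException e) {
            return false; // fail closed when the peer was not authenticated
        }
    };
}
```

Neither verifier replaces certificate path validation by the `TrustManager`; the hostname check only binds the leaf certificate to the requested host.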
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided