DEBIAN-CVE-2026-8367

Source
https://security-tracker.debian.org/tracker/CVE-2026-8367
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-8367.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2026-8367
Upstream
  • CVE-2026-8367
Published
2026-05-13T16:17:04.780Z
Modified
2026-06-15T19:06:34.290386872Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

aria2c accepts a server certificate with incorrect Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a different purpose, they may be able to reuse it for TLS server authentication.

References

Affected packages

Debian:11 / aria2

Package

Name
aria2
Purl
pkg:deb/debian/aria2?arch=source&distro=bullseye

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.35.0-3
1.36.0-1
1.36.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-8367.json"

Debian:12 / aria2

Package

Name
aria2
Purl
pkg:deb/debian/aria2?arch=source&distro=bookworm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.36.0-1
1.36.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-8367.json"

Debian:13 / aria2

Package

Name
aria2
Purl
pkg:deb/debian/aria2?arch=source&distro=trixie

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.7.3-1
0.8.0-1
0.8.1-1
0.9.0-1
0.10.1-1
0.10.2+1-1
0.11.0-1
0.11.2-1
0.11.3-1
0.12.0-1
0.12.1-1
0.13.1+1-1
0.14.0-1
0.14.0-1+lenny1
0.14.0-1+lenny2
1.*
1.0.1-1
1.1.2-1
1.2.0-1
1.3.0-1
1.3.2-1
1.4.1-1
1.6.2-1
1.6.2-2
1.6.2-3
1.7.1-1
1.7.2-1
1.8.0-1
1.8.2-1
1.9.0-1
1.9.1-1
1.9.3-1
1.9.4-1
1.9.5-1
1.10.0-1
1.10.0-2
1.10.6-1
1.10.9-1
1.11.1-1
1.11.2-1
1.12.0-1
1.12.1-1
1.12.1-2
1.13.0-1
1.14.0-1
1.14.1-1
1.14.2-1
1.14.2-2
1.15.0-1
1.15.0-2
1.15.1-1
1.15.2-1
1.16.0-1
1.16.1-1
1.17.0-1
1.18.0-1
1.18.0-2
1.18.1-1
1.18.3-1
1.18.5-1
1.18.7-1
1.18.8-1
1.18.10-1
1.18.10-2
1.19.0-1
1.21.0-1
1.24.0-1
1.25.0-1
1.26.1-1
1.27.1-1
1.29.0-1
1.30.0-1
1.30.0-2
1.31.0-1
1.32.0-1
1.32.0-2
1.33.1-1
1.34.0-1
1.34.0-2
1.34.0-3
1.34.0-4
1.35.0-1
1.35.0-2
1.35.0-3
1.36.0-1
1.36.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-8367.json"

Debian:14 / aria2

Package

Name
aria2
Purl
pkg:deb/debian/aria2?arch=source&distro=forky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.7.3-1
0.8.0-1
0.8.1-1
0.9.0-1
0.10.1-1
0.10.2+1-1
0.11.0-1
0.11.2-1
0.11.3-1
0.12.0-1
0.12.1-1
0.13.1+1-1
0.14.0-1
0.14.0-1+lenny1
0.14.0-1+lenny2
1.*
1.0.1-1
1.1.2-1
1.2.0-1
1.3.0-1
1.3.2-1
1.4.1-1
1.6.2-1
1.6.2-2
1.6.2-3
1.7.1-1
1.7.2-1
1.8.0-1
1.8.2-1
1.9.0-1
1.9.1-1
1.9.3-1
1.9.4-1
1.9.5-1
1.10.0-1
1.10.0-2
1.10.6-1
1.10.9-1
1.11.1-1
1.11.2-1
1.12.0-1
1.12.1-1
1.12.1-2
1.13.0-1
1.14.0-1
1.14.1-1
1.14.2-1
1.14.2-2
1.15.0-1
1.15.0-2
1.15.1-1
1.15.2-1
1.16.0-1
1.16.1-1
1.17.0-1
1.18.0-1
1.18.0-2
1.18.1-1
1.18.3-1
1.18.5-1
1.18.7-1
1.18.8-1
1.18.10-1
1.18.10-2
1.19.0-1
1.21.0-1
1.24.0-1
1.25.0-1
1.26.1-1
1.27.1-1
1.29.0-1
1.30.0-1
1.30.0-2
1.31.0-1
1.32.0-1
1.32.0-2
1.33.1-1
1.34.0-1
1.34.0-2
1.34.0-3
1.34.0-4
1.35.0-1
1.35.0-2
1.35.0-3
1.36.0-1
1.36.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-8367.json"