aria2c accepts a server certificate with incorrect Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a different purpose, they may be able to reuse it for TLS server authentication.
{ "binaries": [ { "binary_name": "aria2", "binary_version": "1.35.0-1build1" }, { "binary_version": "1.35.0-1build1", "binary_name": "libaria2-0" } ] }
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-8367.json"
{ "binaries": [ { "binary_name": "aria2", "binary_version": "1.36.0-1" }, { "binary_name": "libaria2-0", "binary_version": "1.36.0-1" } ] }
{ "binaries": [ { "binary_name": "aria2", "binary_version": "1.37.0+debian-1build3" }, { "binary_name": "libaria2-0", "binary_version": "1.37.0+debian-1build3" } ] }
{ "binaries": [ { "binary_version": "1.37.0+debian-3build1", "binary_name": "aria2" }, { "binary_name": "libaria2-0", "binary_version": "1.37.0+debian-3build1" } ] }
{ "binaries": [ { "binary_name": "aria2", "binary_version": "1.37.0+debian-4" }, { "binary_name": "libaria2-0", "binary_version": "1.37.0+debian-4" } ] }
{ "binaries": [ { "binary_name": "aria2", "binary_version": "1.18.1-1ubuntu0.1~esm1" } ] }
{ "binaries": [ { "binary_name": "aria2", "binary_version": "1.19.0-1ubuntu0.1~esm1" } ] }
{ "binaries": [ { "binary_name": "aria2", "binary_version": "1.33.1-1ubuntu0.1~esm1" } ] }