CVE-2026-45574
Remote Code Execution in epa4all-client Java Client
Publication date: 2026-05-26
Last updated on: 2026-05-26
Assigner: GitHub, Inc.
Description
Exploitability
| CWE ID | Description |
|---|---|
| CWE-295 | The product does not validate, or incorrectly validates, a certificate. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in epa4all-client, the Java client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Before version 1.2.2, the client does not validate the TLS certificate presented by its peer (CWE-295). An attacker positioned on the network path between the ePA service and the Konnektor can present any TLS certificate (self-signed, expired, or issued for the wrong common name) and the client completes the handshake anyway, so all SOAP traffic can be intercepted.
Because the client cannot tell the legitimate endpoint from an attacker terminating TLS, a man-in-the-middle can read, and potentially alter, everything exchanged between the client and the service.
How can this vulnerability impact me?
This vulnerability allows an attacker to intercept sensitive information including patient identifiers (KVNR), SMC-B card operations such as authentication and signing, document content, and credential exchanges.
Such interception can lead to unauthorized access to confidential patient data, compromise of authentication mechanisms, and potential misuse of credentials, severely impacting data confidentiality and integrity.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade epa4all-client to version 1.2.2 or later; that release fixes the missing certificate validation that lets an attacker present any TLS certificate and intercept SOAP traffic. After upgrading, confirm the fix in a test environment by pointing the client at an endpoint that presents a self-signed certificate: the TLS handshake must fail.
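The following is an added illustration, not code from epa4all-client or its maintainers, showing the CWE-295 pattern described in the explanation above beside a hardened configuration, together with the post-upgrade check suggested in the mitigation step. Everything about how the real project builds its SSLContext is unknown here; the trust-all TrustManager, the PKCS12 truststore path `konnektor-ca.p12`, its password and the placeholder host `konnektor.example.invalid` are all assumptions made for the example.

```java
// Added example (not epa4all-client code): vulnerable vs. hardened TLS client setup in Java,
// plus a check that a client rejects an untrusted certificate.
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.cert.X509Certificate;

public final class KonnektorTlsCheck {

    /** VULNERABLE (CWE-295): every chain is accepted, so anyone on the path can terminate TLS. */
    static SSLSocketFactory trustEverythingFactory() throws Exception {
        TrustManager[] acceptAll = { new X509TrustManager() {
            @Override public void checkClientTrusted(X509Certificate[] chain, String authType) { }
            // Never throws: self-signed, expired and wrong-name certificates all pass.
            @Override public void checkServerTrusted(X509Certificate[] chain, String authType) { }
            @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
        } };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, acceptAll, null);
        return ctx.getSocketFactory();
    }

    /**
     * HARDENED: the chain is validated (PKIX: signatures, validity period) against an explicit
     * truststore that holds only the CA expected to issue the Konnektor / ePA endpoint certificates.
     * Truststore path and password are assumed deployment inputs for this example.
     */
    static SSLSocketFactory pinnedTruststoreFactory(String truststorePath, char[] password) throws Exception {
        KeyStore trust = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(truststorePath)) {
            trust.load(in, password);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLSv1.3");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    /**
     * Opens a TLS socket and runs the handshake. With checkHostname=true the certificate's
     * subject alternative name must match the host; a raw SSLSocket does NOT do this by default,
     * which is the second half of the vulnerable pattern.
     */
    static SSLSocket connect(SSLSocketFactory factory, String host, int port, boolean checkHostname)
            throws IOException {
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        if (checkHostname) {
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);
        }
        socket.startHandshake(); // SSLHandshakeException on an untrusted or mismatched certificate
        return socket;
    }

    /** Post-upgrade check: point this at a test endpoint with a self-signed certificate. */
    static boolean handshakeSucceeds(SSLSocketFactory factory, String host, int port, boolean checkHostname)
            throws IOException {
        try (SSLSocket ignored = connect(factory, host, port, checkHostname)) {
            return true; // the client would accept an attacker's certificate
        } catch (SSLHandshakeException rejected) {
            return false; // the client refused the untrusted certificate
        }
    }

    public static void main(String[] args) throws Exception {
        // Placeholder endpoint and truststore; replace with your own test endpoint and CA file.
        String host = args.length > 0 ? args[0] : "konnektor.example.invalid";
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;
        String truststore = args.length > 2 ? args[2] : "konnektor-ca.p12";
        char[] password = args.length > 3 ? args[3].toCharArray() : "changeit".toCharArray();

        System.out.println("vulnerable profile accepted the certificate: "
                + handshakeSucceeds(trustEverythingFactory(), host, port, false));
        System.out.println("hardened profile accepted the certificate: "
                + handshakeSucceeds(pinnedTruststoreFactory(truststore, password), host, port, true));
    }
}
```

Run it against a test endpoint that serves a self-signed certificate: the vulnerable profile completes the handshake, while the hardened profile must not. When the SOAP stack goes through HttpsURLConnection instead of a raw socket, the equivalent mistake is installing a HostnameVerifier that returns true for every host alongside the trust-all manager; leaving the default verifier in place restores the name check.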