Vulnerability Details CVE-2026-30836
Step CA is an online certificate authority for secure, automated certificate management for DevOps. Versions 0.30.0-rc6 and below do not safeguard against unauthenticated certificate issuance through the SCEP UpdateReq. This issue has been fixed in version 0.30.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 1.1%
CVSS Severity
CVSS v3 Score 10.0
References
Products affected by CVE-2026-30836
-
cpe:2.3:a:smallstep:step-ca:0.0.1
-
cpe:2.3:a:smallstep:step-ca:0.10.0
-
cpe:2.3:a:smallstep:step-ca:0.11.0
-
cpe:2.3:a:smallstep:step-ca:0.12.0
-
cpe:2.3:a:smallstep:step-ca:0.13.0
-
cpe:2.3:a:smallstep:step-ca:0.13.1
-
cpe:2.3:a:smallstep:step-ca:0.13.2
-
cpe:2.3:a:smallstep:step-ca:0.13.3
-
cpe:2.3:a:smallstep:step-ca:0.14.0
-
cpe:2.3:a:smallstep:step-ca:0.14.1
-
cpe:2.3:a:smallstep:step-ca:0.14.2
-
cpe:2.3:a:smallstep:step-ca:0.14.3
-
cpe:2.3:a:smallstep:step-ca:0.14.4
-
cpe:2.3:a:smallstep:step-ca:0.14.5
-
cpe:2.3:a:smallstep:step-ca:0.14.6
-
cpe:2.3:a:smallstep:step-ca:0.15.0
-
cpe:2.3:a:smallstep:step-ca:0.15.1
-
cpe:2.3:a:smallstep:step-ca:0.15.10
-
cpe:2.3:a:smallstep:step-ca:0.15.11
-
cpe:2.3:a:smallstep:step-ca:0.15.12
-
cpe:2.3:a:smallstep:step-ca:0.15.13
-
cpe:2.3:a:smallstep:step-ca:0.15.14
-
cpe:2.3:a:smallstep:step-ca:0.15.15
-
cpe:2.3:a:smallstep:step-ca:0.15.16
-
cpe:2.3:a:smallstep:step-ca:0.15.2
-
cpe:2.3:a:smallstep:step-ca:0.15.3
-
cpe:2.3:a:smallstep:step-ca:0.15.4
-
cpe:2.3:a:smallstep:step-ca:0.15.5
-
cpe:2.3:a:smallstep:step-ca:0.15.6
-
cpe:2.3:a:smallstep:step-ca:0.15.7
-
cpe:2.3:a:smallstep:step-ca:0.15.8
-
cpe:2.3:a:smallstep:step-ca:0.15.9
-
cpe:2.3:a:smallstep:step-ca:0.16.0
-
cpe:2.3:a:smallstep:step-ca:0.16.1
-
cpe:2.3:a:smallstep:step-ca:0.16.2
-
cpe:2.3:a:smallstep:step-ca:0.16.3
-
cpe:2.3:a:smallstep:step-ca:0.16.4
-
cpe:2.3:a:smallstep:step-ca:0.17.0
-
cpe:2.3:a:smallstep:step-ca:0.17.1
-
cpe:2.3:a:smallstep:step-ca:0.17.2
-
cpe:2.3:a:smallstep:step-ca:0.17.3
-
cpe:2.3:a:smallstep:step-ca:0.17.4
-
cpe:2.3:a:smallstep:step-ca:0.17.5
-
cpe:2.3:a:smallstep:step-ca:0.17.6
-
cpe:2.3:a:smallstep:step-ca:0.17.7
-
cpe:2.3:a:smallstep:step-ca:0.18.0
-
cpe:2.3:a:smallstep:step-ca:0.18.1
-
cpe:2.3:a:smallstep:step-ca:0.18.2
-
cpe:2.3:a:smallstep:step-ca:0.18.3
-
cpe:2.3:a:smallstep:step-ca:0.19.0
-
cpe:2.3:a:smallstep:step-ca:0.20.0
-
cpe:2.3:a:smallstep:step-ca:0.21.0
-
cpe:2.3:a:smallstep:step-ca:0.22.0
-
cpe:2.3:a:smallstep:step-ca:0.22.1
-
cpe:2.3:a:smallstep:step-ca:0.22.2
-
cpe:2.3:a:smallstep:step-ca:0.23.0
-
cpe:2.3:a:smallstep:step-ca:0.23.1
-
cpe:2.3:a:smallstep:step-ca:0.23.2
-
cpe:2.3:a:smallstep:step-ca:0.24.0
-
cpe:2.3:a:smallstep:step-ca:0.24.1
-
cpe:2.3:a:smallstep:step-ca:0.24.2
-
cpe:2.3:a:smallstep:step-ca:0.24.3
-
cpe:2.3:a:smallstep:step-ca:0.25.0
-
cpe:2.3:a:smallstep:step-ca:0.25.1
-
cpe:2.3:a:smallstep:step-ca:0.25.2
-
cpe:2.3:a:smallstep:step-ca:0.25.3
-
cpe:2.3:a:smallstep:step-ca:0.26.0
-
cpe:2.3:a:smallstep:step-ca:0.26.1
-
cpe:2.3:a:smallstep:step-ca:0.26.2
-
cpe:2.3:a:smallstep:step-ca:0.27.0
-
cpe:2.3:a:smallstep:step-ca:0.27.1
-
cpe:2.3:a:smallstep:step-ca:0.27.2
-
cpe:2.3:a:smallstep:step-ca:0.27.3
-
cpe:2.3:a:smallstep:step-ca:0.27.4
-
cpe:2.3:a:smallstep:step-ca:0.27.5
-
cpe:2.3:a:smallstep:step-ca:0.28.0
-
cpe:2.3:a:smallstep:step-ca:0.28.1
-
cpe:2.3:a:smallstep:step-ca:0.28.2
-
cpe:2.3:a:smallstep:step-ca:0.28.3
-
cpe:2.3:a:smallstep:step-ca:0.28.4
-
cpe:2.3:a:smallstep:step-ca:0.29.0
-
cpe:2.3:a:smallstep:step-ca:0.30.0
-
cpe:2.3:a:smallstep:step-ca:0.8.1
-
cpe:2.3:a:smallstep:step-ca:0.8.2
-
cpe:2.3:a:smallstep:step-ca:0.8.3
-
cpe:2.3:a:smallstep:step-ca:0.8.4
-
cpe:2.3:a:smallstep:step-ca:0.8.5
-
cpe:2.3:a:smallstep:step-ca:0.9.0
-
cpe:2.3:a:smallstep:step-ca:0.9.1
-
cpe:2.3:a:smallstep:step-ca:0.9.2