Vulnerability in Cloudflare's Universal SSL Affecting DNS Management
CVE-2026-14440

7.6HIGH

Key Information:

Vendor

Cloudflare

Vendor
CVE Published:
1 July 2026

What is CVE-2026-14440?

Cloudflare's Universal SSL feature automatically manages the Certificate Authority Authorization (CAA) resource records for customer zones, which can lead to improper validation of stricter CAA conditions. When the Universal SSL zones serve an auto-managed CAA RRset, they override any customer-defined CAA records, allowing potentially unauthorized issuance of TLS certificates. If a customer sets strict CAA parameters using RFC 8657's accounturi or validationmethods, those protections may not be enforced properly, leaving the door open for attackers to exploit this issue and acquire browser-trusted certificates. Exploitation of this vulnerability requires advanced capabilities, including control over an ACME account at a Certificate Authority and domain control validation across multiple global perspectives. Mitigation includes disabling Universal SSL to enforce stricter CAA settings and monitoring Certificate Transparency to detect any certificate misissuance.

Affected Version(s)

Universal SSL Cloud Service 0

References

CVSS V4

Score:
7.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

David Osipov (ORCID: https://orcid.org/0009-0005-2713-9242), independent researcher
.