Server Certificate Vulnerability in Wget2 by Katalyst
CVE-2026-1858

4.8 MEDIUM

Key Information:

Vendor: Gnu

Status
Vendor
CVE Published: 29 April 2026

What is CVE-2026-1858?

Wget2 is susceptible to a vulnerability where it improperly validates server certificates, specifically concerning Key Usage (KU) and Extended Key Usage (EKU) attributes. If an attacker gains access to a misconfigured certificate—originally intended for a different purpose—they may exploit it to perform unauthorized TLS server authentication, compromising the integrity of secure communications.
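
The KU/EKU gate a TLS client is expected to apply before accepting a server certificate, as an added example that is not wget2's code or its fix. It reads the extension section of `openssl x509 -noout -text` output and goes beyond the description above by tying the required KU bit to the key exchange; the function names and the three sample texts are constructed for illustration.

```python
import re

# Constructed samples: extension sections as printed by `openssl x509 -noout -text`.
CLIENT_ONLY = """\
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Client Authentication
"""
SIGNING_ONLY = """\
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
"""
SERVER_OK = """\
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
"""

# KU bit the server key needs when the KU extension is present
# (RFC 5246 section 7.4.2, RFC 8446 section 4.4.2.2).
REQUIRED_KU = {
    "ecdhe": "Digital Signature",  # (EC)DHE suites and every TLS 1.3 handshake
    "rsa": "Key Encipherment",     # RSA key transport, TLS 1.2 and earlier
    "ecdh": "Key Agreement",       # static (EC)DH suites
}

def extension_values(text, name):
    """Return the values listed under an extension, or None if it is absent."""
    m = re.search(r"^\s*X509v3 %s:.*\n\s*(.+)$" % re.escape(name), text, re.M)
    return None if m is None else {v.strip() for v in m.group(1).split(",")}

def server_auth_problems(text, key_exchange="ecdhe", allow_any_eku=False):
    """List the reasons this certificate must not authenticate a TLS server."""
    problems = []
    ku = extension_values(text, "Key Usage")
    eku = extension_values(text, "Extended Key Usage")
    need = REQUIRED_KU[key_exchange]
    if ku is not None and need not in ku:  # an absent KU places no restriction
        problems.append("keyUsage lacks %r" % need)
    if eku is not None:  # an absent EKU places no restriction (RFC 5280 4.2.1.12)
        allowed = {"TLS Web Server Authentication"}
        if allow_any_eku:
            allowed.add("Any Extended Key Usage")
        if not (eku & allowed):
            problems.append("extendedKeyUsage lacks serverAuth")
    return problems
```

An empty list means neither extension forbids TLS server use; chain building, hostname matching and revocation are separate checks that this example does not perform.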

Affected Version(s)

wget2 0 <= 2.2.1

CVSS V3.1

Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Ireneusz Pastusiak with Tenable.