Certificate Trust Vulnerability in Dahua Products
CVE-2026-29114

2.3LOW

Key Information:

Vendor

Dahua

Status
Vendor
CVE Published:
10 June 2026

What is CVE-2026-29114?

A security issue has been discovered in various Dahua security products that may allow an attacker to acquire the device’s CA root certificate. If this certificate is installed and trusted on client systems, it could enable an attacker to create fraudulent certificates that would be accepted as legitimate by these clients, effectively compromising the certificate trust chain. This vulnerability poses significant risks as it could facilitate unauthorized access and manipulation of trusted communications.

Affected Version(s)

IPC Some IPC models are affected, specifically those with a build date before April 15, 2026.

References

CVSS V4

Score:
2.3
Severity:
LOW
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.