Fabre

#1135342 wget2: CVE-2026-1858 #1135342

Package:: src:wget2

Source:: src:wget2

Submitter:: Salvatore Bonaccorso

Date:: 2026-05-01 12:07:02 UTC

Severity:: normal

Tags:

#1135342#5

Date:: 2026-05-01 12:05:18 UTC

From:

To:

Hi,

The following vulnerability was published for wget2.

CVE-2026-1858[0]:
| wget2 accepts a server certificate with incorrect Key Usage (KU) or
| Extended Key Usage (EKU). If the attackers compromise a certificate
| (with the associated private key) issued for a different purpose,
| they may be able to reuse it for TLS server authentication.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-1858
https://www.cve.org/CVERecord?id=CVE-2026-1858
[1] https://gitlab.com/gnuwget/wget2/-/commit/f4854d7fbc0a85c1d9873f5980707c0b80df212a

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

#1135342 wget2: CVE-2026-1858 #1135342

Just Reply to ...

Reply to submitter ...

Send control command (Silently)

Set Architecture Tags (Silently)