GHSA-crm4-q7v4-c2r2 · Severity: critical — An issue was discovered in Canonical ADSys upstream versions through v0.16.2. During Active...
An issue was discovered in Canonical ADSys upstream versions through v0.16.2. During Active Directory Certificate Services (AD CS) certificate auto-enrollment via the vendored Samba client script (internal/policies/certificate/python/vendor_samba/gp/gp_cert_auto_enroll_ext.py), ADSys utilizes a plaintext HTTP connection (http://) instead of a secure HTTPS connection (https://) to request the CA certificate from the Active Directory Certificate Services server (GetCACert). An unauthenticated network attacker positioned between the managed Ubuntu host and the configured AD CS CA hostname can conduct a Man-in-the-Middle (MITM) attack. By intercepting the plaintext HTTP request, the attacker can supply an arbitrary, attacker-controlled Root CA certificate. Because the system automatically accepts this certificate and registers it into the local system trust store via update-ca-certificates, this results in system-wide trust store poisoning. Consequently, TLS clients utilizing the operating system trust store on the affected machine will accept rogue certificates for arbitrary domains, enabling persistent decryption and interception of subsequent TLS connections. This issue is resolved in version v0.16.3.
Conclusion & alert: CVE-2026-12249 is rated Low Risk (36.6/100): CVSS Critical severity, with low exploitation likelihood (EPSS 0.11%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-23 | — | 0.11% | — |
Full EPSS history (1 record total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 9.0 | 4.0 | CRITICAL |
|
— | — | [email protected] |
| 9.0 | 3.1 | CRITICAL |
|
2.2 | 6.0 | [email protected] |
GHSA-crm4-q7v4-c2r2 · Severity: critical — An issue was discovered in Canonical ADSys upstream versions through v0.16.2. During Active...
| vendor | priority | summary | link |
|---|---|---|---|
ubuntu
|
medium | CVE-2026-12249 medium priority: Ubuntu including 1 source packages (adsys), 6 status rows across 6 suites (focal, jammy, noble, questing, resolute, upstream): not-affected 4, released 2. | https://ubuntu.com/security/CVE-2026-12249 |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| No affected products in dataset. | |||