Qt Network Uncontrolled Search Path Element Vulnerability in OpenSSL TLS Backend Allowing Rogue CA Certificate Loading

Vulnerability

A vulnerability has been identified in the OpenSSL TLS backend of Qt Network (qtbase) within the Qt Framework for Unix. This uncontrolled search path element issue allows a local attacker to load a malicious CA certificate as a trusted system authority. The attack is executed by placing a crafted certificate file in the application's working directory.

Impact

Exploitation of this vulnerability could lead to the acceptance of a rogue CA certificate, potentially allowing for man-in-the-middle attacks or the interception of encrypted communications.
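A defender-side check for the condition described above, as an added example that is not part of the original advisory or of Qt's code: it lists certificate-looking files in an application's working directory and reports whether other local users can write there. The `audit_workdir` helper, the suffix list and the sample file names are assumptions; the advisory does not name the file the backend loads.

```python
import os
import stat
import tempfile
from pathlib import Path

PEM_MARKER = b"-----BEGIN CERTIFICATE-----"
CERT_SUFFIXES = {".pem", ".crt", ".cer", ".der"}  # assumed list, not from the advisory

def audit_workdir(workdir):
    """Report certificate-looking files in workdir and who can write there."""
    root = Path(workdir)
    mode = root.stat().st_mode
    findings = {
        # Group/other write access lets another local user drop files here.
        "writable_by_others": bool(mode & (stat.S_IWGRP | stat.S_IWOTH)),
        "cert_files": [],
    }
    for entry in sorted(root.iterdir()):
        if not entry.is_file():
            continue
        try:
            with entry.open("rb") as fh:
                head = fh.read(4096)
        except OSError:
            continue  # unreadable file: skip rather than abort the audit
        if PEM_MARKER in head or entry.suffix.lower() in CERT_SUFFIXES:
            uid = entry.stat().st_uid
            findings["cert_files"].append({
                "name": entry.name,
                # Owned by neither root nor the auditing user: worth a closer look.
                "foreign_owner": uid not in (0, os.getuid()),
            })
    return findings

def demo():
    """Run the audit on a constructed directory (sample data, not real certs)."""
    with tempfile.TemporaryDirectory() as tmp:
        os.chmod(tmp, 0o777)  # constructed: a directory any local user can write to
        Path(tmp, "ca.pem").write_bytes(PEM_MARKER + b"\nCONSTRUCTED\n")
        Path(tmp, "bundle.crt").write_bytes(b"\x30\x82constructed")
        Path(tmp, "notes.txt").write_text("not a certificate\n")
        return audit_workdir(tmp)

if __name__ == "__main__":
    print(demo())
```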

Added: May 19, 2026, 2:24 PM
Updated: May 19, 2026, 2:24 PM

Vulnerability Rating

Custom Algorithm
spread: 7.8
impact: 5.0
exploitability: 3.5
remediation: 0.0
relevance: 8.7
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.