CVE-2026-29114

Summary

A vulnerability has been found in some Dahua products. An attacker may obtain the device’s CA root certificate. If that CA is installed and trusted on client systems, the attacker could issue fraudulent certificates trusted by those clients and undermine the certificate trust chain.

Affected Software

VendorProductVersion RangeStatus
DahuaIPCSome IPC models are affected, specifically those with a build date before April 15, 2026.affected

Weaknesses

  • CWE-538: CWE-538 Insertion of sensitive information into Externally-Accessible file or directory

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References