EXECUTIVE SUMMARY:
CVE-2026-45574 (CVSS 8.1) is a vulnerability in the epa4all-client package affecting versions below 1.2.2. The client accepts any TLS certificate presented by its peer, including self-signed, expired, or otherwise incorrectly configured certificates, so an attacker positioned on the network path between the ePA service and the Konnektor can intercept all SOAP traffic between them. The intercepted traffic exposes sensitive information such as patient identifiers, SMC-B card operations, document content, and credential exchanges. Exploitation requires no authentication, elevated privileges, or other prerequisites beyond being on the network path and presenting a malicious TLS certificate. The resulting loss of confidentiality, including compromised patient data, represents a significant business impact.
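As an added illustration, not code from epa4all-client (whose implementation language the advisory does not state), the Go program below contrasts the vulnerable pattern, a TLS client that skips certificate verification, with a hardened client whose truststore holds only the expected Konnektor certificate. The local server presenting a self-signed certificate is constructed by httptest and stands in for an on-path attacker's certificate.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// newClient builds an HTTP client whose TLS trust is either disabled
// (vulnerable: any certificate is accepted, as in CVE-2026-45574) or
// restricted to the given root pool (hardened: only certificates that
// chain to a known CA or pinned certificate pass, with hostname checks).
func newClient(trustAll bool, roots *x509.CertPool) *http.Client {
	cfg := &tls.Config{MinVersion: tls.VersionTLS12}
	if trustAll {
		cfg.InsecureSkipVerify = true // vulnerable: chain and hostname checks skipped
	} else {
		cfg.RootCAs = roots // hardened: system roots replaced by the expected CA/cert only
	}
	return &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}
}

// fetchSOAP issues a request to url and returns the body, or the TLS/HTTP error.
func fetchSOAP(c *http.Client, url string) (string, error) {
	resp, err := c.Get(url)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	return string(body), err
}

// Probe runs three clients against a local TLS server with a self-signed
// certificate (constructed by httptest, standing in for an attacker's cert).
// It returns (trustAllAccepted, emptyTruststoreRejected, pinnedAccepted).
func Probe() (bool, bool, bool) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		io.WriteString(w, "<soap:Envelope/>") // constructed stand-in for Konnektor SOAP traffic
	}))
	defer srv.Close()
	_, errAll := fetchSOAP(newClient(true, nil), srv.URL)
	_, errEmpty := fetchSOAP(newClient(false, x509.NewCertPool()), srv.URL)
	pinned := x509.NewCertPool()
	pinned.AddCert(srv.Certificate()) // the one certificate the client is meant to trust
	_, errPinned := fetchSOAP(newClient(false, pinned), srv.URL)
	return errAll == nil, errEmpty != nil, errPinned == nil
}

func main() {
	a, b, c := Probe()
	fmt.Printf("trust-all accepts self-signed: %v\nuntrusted cert rejected: %v\npinned cert accepted: %v\n", a, b, c)
}
```

The second client fails with an x509 "unknown authority" error, which is the behaviour a correctly validating client must show for an attacker-supplied certificate.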
RECOMMENDATION:
Update epa4all-client to version 1.2.2 or later; the advisory lists only versions below 1.2.2 as affected.
REFERENCES:
The following reports contain further technical details:
https://github.com/advisories/GHSA-5hhf-xmfx-4vvr