{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-45574/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["epa4all-client (\u003c 1.2.2)"],"_cs_severities":["medium"],"_cs_tags":["tls","certificate-validation","mitm","credential-access","cve-2026-45574"],"_cs_type":"advisory","_cs_vendors":["Oviva AG"],"content_html":"\u003cp\u003eThe \u003ccode\u003eepa4all-client\u003c/code\u003e library, used for electronic patient record (ePA) interactions, contains a flaw that disables TLS certificate validation in production environments. This vulnerability, present in versions prior to 1.2.2, allows an attacker positioned on the network path between the ePA service and the Konnektor to intercept all SOAP traffic. This includes sensitive information such as patient identifiers (KVNR), SMC-B card operations (authentication, signing), document content, and credential exchanges. The vulnerability is identified as CVE-2026-45574 and was reported by Machine Spirits. Exploitation of this flaw allows for significant data breaches and unauthorized access to patient information.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker positions themselves on the network path between the ePA client (using the vulnerable library) and the ePA service/Konnektor.\u003c/li\u003e\n\u003cli\u003eThe ePA client attempts to establish a TLS connection to the ePA service.\u003c/li\u003e\n\u003cli\u003eThe attacker intercepts the TLS handshake and presents a malicious TLS certificate (self-signed, expired, or with a wrong CN).\u003c/li\u003e\n\u003cli\u003eDue to the disabled TLS certificate validation in the vulnerable \u003ccode\u003eepa4all-client\u003c/code\u003e library, the client accepts the malicious certificate without proper verification.\u003c/li\u003e\n\u003cli\u003eA secure TLS connection is established between the ePA client and the attacker, who is impersonating the legitimate ePA service.\u003c/li\u003e\n\u003cli\u003eThe ePA client sends SOAP requests containing sensitive data (patient identifiers, SMC-B card operations, document content, and credentials) over the TLS connection.\u003c/li\u003e\n\u003cli\u003eThe attacker intercepts and decrypts the SOAP traffic, gaining access to the sensitive data.\u003c/li\u003e\n\u003cli\u003eThe attacker can then use the stolen data for malicious purposes, such as identity theft, fraud, or unauthorized access to patient records.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an attacker to intercept and steal sensitive patient data transmitted between the ePA client and the ePA service. This includes patient identifiers (KVNR), SMC-B card operations (authentication, signing), document content, and credential exchanges. A successful attack could lead to large-scale data breaches, identity theft, and unauthorized access to confidential patient records, impacting potentially thousands of patients and healthcare providers using the vulnerable \u003ccode\u003eepa4all-client\u003c/code\u003e library.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the \u003ccode\u003eepa4all-client\u003c/code\u003e library to version 1.2.2 or later to remediate the TLS certificate validation vulnerability (CVE-2026-45574).\u003c/li\u003e\n\u003cli\u003eAs a workaround, use the library directly instead of the REST wrapper as suggested in the advisory.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for unexpected TLS connections originating from applications using the \u003ccode\u003eepa4all-client\u003c/code\u003e library, using the rules below, especially if connections use non-standard certificates.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-15T18:29:54Z","date_published":"2026-05-15T18:29:54Z","id":"https://feed.craftedsignal.io/briefs/2026-05-epa4all-client-tls-validation/","summary":"The epa4all-client library before version 1.2.2 is vulnerable to a TLS certificate validation issue, allowing a man-in-the-middle attacker to intercept SOAP traffic and sensitive patient data by presenting a malicious TLS certificate.","title":"epa4all-client Library Vulnerable to TLS Certificate Validation Issue (CVE-2026-45574)","url":"https://feed.craftedsignal.io/briefs/2026-05-epa4all-client-tls-validation/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-45574","version":"https://jsonfeed.org/version/1.1"}