← back
CVE-2026-0872

Improper Certificate Validation vulnerability in Thales SafeNet Agent for Windows Logon

CVSS 2.5 LOWEPSS 0.2%CWE-295
Vexday Risk Score
8Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 2.5EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
13 Feb 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Improper Certificate Validation vulnerability in Thales SafeNet Agent for Windows Logon on Windows allows Signature Spoofing by Improper Validation.This issue affects SafeNet Agent for Windows Logon: 4.0.0, 4.1.1, 4.1.2.
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:L/E:P
Affected products
Thales · SafeNet Agent for Windows Logon

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://supportportal.thalesgroup.com/csm?sys_kb_id=247fd4a42b4a7290061af3f5f291bff1&id=kb_article_view&sysparm_rank=1&sysparm_tsqueryId=5ecb72c73b927610381ecfaf55e45a0b&sysparm_article=KB0030173https://thalesdocs.com/sta/agents/wla-windows_logon/wla-preinstallation_passwordless/index.html