Vulnerability Description
rfc3161-client is a Python library implementing the Time-Stamp Protocol (TSP) described in RFC 3161. Prior to 1.0.6, an Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority (TSA). By exploiting a logic flaw in how the library extracts the leaf certificate from an unordered PKCS#7 bag of certificates, an attacker can append a spoofed certificate matching the target common_name and Extended Key Usage (EKU) requirements. This tricks the library into verifying these authorization rules against the forged certificate while validating the cryptographic signature against an actual trusted TSA (such as FreeTSA), thereby bypassing the intended TSA authorization pinning entirely. This vulnerability is fixed in 1.0.6.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Trailofbits | Rfc3161-Client | < 1.0.6 |
Related Weaknesses (CWE)
References
- https://github.com/trailofbits/rfc3161-client/security/advisories/GHSA-3xxc-pwj6ExploitVendor Advisory
- https://github.com/trailofbits/rfc3161-client/security/advisories/GHSA-3xxc-pwj6ExploitVendor Advisory
FAQ
What is CVE-2026-33753?
CVE-2026-33753 is a vulnerability with a CVSS score of 6.2 (MEDIUM). rfc3161-client is a Python library implementing the Time-Stamp Protocol (TSP) described in RFC 3161. Prior to 1.0.6, an Authorization Bypass vulnerability in rfc3161-client's signature verification al...
How severe is CVE-2026-33753?
CVE-2026-33753 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-33753?
Check the references section above for vendor advisories and patch information. Affected products include: Trailofbits Rfc3161-Client.