aria2c EKU Validation Flaw CVE-2026-8367 Enables TLS Certificate

CVE-2026-8367 (CVSS 4.8) in aria2c fails to validate Extended Key Usage on server certificates, allowing attackers to reuse certificates issued for other purposes in TLS...

Executive Summary

Tenable Research disclosed a certificate validation flaw in aria2c, the command-line download utility, tracked as CVE-2026-8367 with a CVSS score of 4.8. The vulnerability allows aria2c to accept a TLS server certificate whose Extended Key Usage (EKU) extension does not include server authentication. An attacker who compromises a certificate (and its private key) issued for any purpose — such as code signing, email protection, or client authentication — could reuse that certificate to impersonate a legitimate HTTPS server during an aria2c download session. While the CVSS severity is medium due to the prerequisite of certificate compromise, the flaw undermines the EKU constraint that is meant to compartmentalize certificate trust across different use cases.

Technical Analysis

Extended Key Usage is an X.509 certificate extension that restricts the purposes for which a certificate may be used. For TLS server authentication, the EKU must include the serverAuth OID (1.3.6.1.5.5.7.3.1). According to Tenable's advisory (TRA-2026-38), aria2c does not enforce this check when validating the server certificate during the TLS handshake. The advisory states: "aria2c accepts a server certificate with incorrect Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a different purpose, they may be able to reuse it for TLS server authentication."

The vulnerability exists in the TLS verification logic of aria2c, which relies on OpenSSL or similar libraries for certificate chain validation but fails to inspect the EKU extension independently. The advisory does not specify the exact code path or affected versions; however, the flaw is present in all builds that do not apply the vendor's patch. Tenable's disclosure does not indicate whether exploitation has been observed in the wild or whether a proof-of-concept exploit has been released.

The CVSS 4.8 score reflects the requirement that an attacker first compromise a certificate and its private key — a non-trivial precondition. However, in environments where certificate authorities issue certificates with broad EKU permissions (e.g., "anyExtendedKeyUsage" or multiple purpose OIDs), the attack surface widens. For example, a code-signing certificate stolen from a software vendor could be repurposed to serve malicious downloads over HTTPS to aria2c users, provided the attacker can also intercept or redirect traffic to the victim.
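As an added example (not aria2c's or Tenable's code), this is the EKU check the advisory describes as missing: parse the DER value of an EKU extension and accept a certificate for HTTPS only if it lists serverAuth or anyExtendedKeyUsage, so a certificate issued solely for code signing, client authentication or email protection is rejected. The EKU values are constructed inline; extracting the extension from a full certificate is assumed to happen elsewhere.

```python
SERVER_AUTH = "1.3.6.1.5.5.7.3.1"   # id-kp-serverAuth
ANY_EKU = "2.5.29.37.0"             # anyExtendedKeyUsage
CODE_SIGNING = "1.3.6.1.5.5.7.3.3"  # id-kp-codeSigning

# Constructed DER values of an EKU extension (SEQUENCE OF OID); not from any real certificate.
EKU_SERVER_AUTH = bytes.fromhex("300a06082b06010505070301")
EKU_CODE_SIGNING_ONLY = bytes.fromhex("300a06082b06010505070303")
EKU_CLIENT_AND_EMAIL = bytes.fromhex("301406082b0601050507030206082b06010505070304")
EKU_ANY = bytes.fromhex("30060604551d2500")

def _read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; returns (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value):
    """Decode OBJECT IDENTIFIER content octets into dotted notation."""
    first = value[0]
    arcs = [first // 40, first % 40] if first < 80 else [2, first - 80]
    acc = 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:  # a clear high bit ends the base-128 arc
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def parse_eku(eku_der):
    """Return the dotted OIDs listed in a DER-encoded EKU extension value."""
    tag, seq, _ = _read_tlv(eku_der, 0)
    if tag != 0x30:
        raise ValueError("EKU value must be a SEQUENCE")
    oids, pos = [], 0
    while pos < len(seq):
        tag, body, pos = _read_tlv(seq, pos)
        if tag != 0x06:
            raise ValueError("EKU SEQUENCE must contain only OBJECT IDENTIFIERs")
        oids.append(decode_oid(body))
    return oids

def eku_allows_server_auth(eku_der):
    """RFC 5280 rule: no EKU extension means unrestricted use; if present it
    must list serverAuth or anyExtendedKeyUsage for TLS server authentication."""
    if eku_der is None:
        return True
    return bool({SERVER_AUTH, ANY_EKU} & set(parse_eku(eku_der)))
```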

Mitigations & Recommendations

Tenable's advisory does not include a specific patch version or vendor fix timeline. As of this writing, the aria2c maintainer has not publicly addressed CVE-2026-8367. Defenders should monitor the aria2c GitHub repository and upstream package maintainers for an update that enforces EKU validation. In the interim, users can mitigate risk by:

  • Restricting aria2c downloads to trusted, pinned certificates or using a separate TLS-terminating proxy that performs full certificate validation, including EKU checks.
  • Avoiding the use of aria2c in automated or privileged contexts where a man-in-the-middle attack could be executed.
  • Reviewing any certificate compromise incidents in the organization and revoking certificates that could be reused for server authentication.
