Is github.com/oxia-db/oxia affected by CVE-2026-40944?

Go github.com/oxia-db/oxia is affected in <0.16.2.

Is CVE-2026-40944 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.2%.

high

CVE-2026-40944

Q: Is CVE-2026-40944 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.2%.

Go · github.com/oxia-db/oxia

Summary

Oxia's TLS CA certificate chain validation fails with multi-certificate PEM bundles

Severity: high
EPSS: 0.2% (p6)
Also known as: GHSA-7jrq-q4pq-rhm6
Published: 2026-04-14

References

https://github.com/oxia-db/oxia/security/advisories/GHSA-7jrq-q4pq-rhm6
https://nvd.nist.gov/vuln/detail/CVE-2026-40944
https://github.com/oxia-db/oxia

Related advisories

CVE-2026-40946 — critical · Go/github.com/oxia-db/oxia
CVE-2026-40943 — high · Go/github.com/oxia-db/oxia
CVE-2026-40945 — high · Go/github.com/oxia-db/oxia

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.