Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
Prometheus FIPS Wildcard Certificates Not Restricted
CLEANSTART-2026-XZ04425
Summary
A configuration error in Prometheus FIPS allows an attacker to use a wildcard certificate on a subdomain that should be excluded. This could lead to unauthorized access to sensitive information. Update your Prometheus FIPS package to the latest version to fix the issue.
What to do
- Update prometheus-fips to version 3.9.0-r0.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | prometheus-fips | <= 3.9.0-r0 | 3.9.0-r0 |
Original title
excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate
Original description
Multiple security vulnerabilities affect the prometheus-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details.
osv CVSS3.1
9.8
- https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advis... Vendor Advisory
- https://osv.dev/vulnerability/CVE-2025-61727 URL
- https://osv.dev/vulnerability/CVE-2025-61729 URL
- https://nvd.nist.gov/vuln/detail/CVE-2025-61727 URL
- https://nvd.nist.gov/vuln/detail/CVE-2025-61729 URL
Published: 27 Feb 2026 · Updated: 13 Mar 2026 · First seen: 9 Mar 2026