CVE-2026-33753 Overview
CVE-2026-33753 is an Authorization Bypass vulnerability affecting the rfc3161-client Python library, which implements the Time-Stamp Protocol (TSP) as described in RFC 3161. Prior to version 1.0.6, the library's signature verification mechanism contains a critical logic flaw that allows attackers to impersonate a trusted TimeStamping Authority (TSA).
The vulnerability stems from improper certificate validation (CWE-295) in how the library extracts the leaf certificate from an unordered PKCS#7 bag of certificates. An attacker can exploit this by appending a spoofed certificate that matches the target common_name and Extended Key Usage (EKU) requirements. This causes the library to verify authorization rules against the forged certificate while validating the cryptographic signature against an actual trusted TSA (such as FreeTSA), thereby completely bypassing the intended TSA authorization pinning.
Critical Impact
Attackers can impersonate any trusted TimeStamping Authority by exploiting the certificate extraction logic flaw, undermining the integrity guarantees of timestamped documents and signatures.
Affected Products
- rfc3161-client Python library versions prior to 1.0.6
- Applications relying on rfc3161-client for TSA certificate pinning
- Systems using Time-Stamp Protocol verification with unordered PKCS#7 certificate bags
Discovery Timeline
- 2026-04-08 - CVE CVE-2026-33753 published to NVD
- 2026-04-08 - Last updated in NVD database
Technical Details for CVE-2026-33753
Vulnerability Analysis
This authorization bypass vulnerability allows attackers to circumvent TSA certificate pinning mechanisms in the rfc3161-client library. The fundamental issue lies in the library's handling of PKCS#7 certificate bags, which are inherently unordered collections. When extracting the leaf certificate for authorization verification, the library does not properly ensure that the certificate used for authorization checks is the same certificate that actually signed the timestamp response.
The attack exploits a desynchronization between two distinct verification steps: authorization verification (checking common_name and EKU attributes) and cryptographic signature verification. By appending a carefully crafted certificate to the PKCS#7 bag, attackers can cause the library to perform authorization checks against the spoofed certificate while the cryptographic signature validates against a legitimate TSA certificate also present in the bag.
Root Cause
The root cause is improper certificate validation (CWE-295) in the leaf certificate extraction logic. The library fails to maintain a consistent binding between the certificate used for authorization policy checks and the certificate used for cryptographic signature verification. When processing an unordered PKCS#7 certificate bag, the extraction algorithm may select different certificates for different verification purposes, creating a window for certificate substitution attacks.
Attack Vector
The attack requires local access to craft and inject a malicious timestamp response. An attacker constructs a PKCS#7 structure containing:
- A legitimate timestamp response signed by a trusted TSA (e.g., FreeTSA)
- A spoofed certificate with the common_name and EKU values matching the target TSA being impersonated
When the victim application verifies this response, the library's flawed extraction logic causes it to check authorization policies against the attacker's spoofed certificate while validating the cryptographic signature against the legitimate TSA certificate. This allows the attacker to bypass TSA pinning and make timestamps appear to originate from an arbitrary TSA of their choosing.
The exploitation mechanism involves crafting a PKCS#7 structure with multiple certificates in the certificate bag. The attacker includes both a legitimate TSA certificate (for signature validation) and a forged certificate matching the target TSA's identity attributes. Due to the unordered nature of the certificate bag and the library's flawed extraction logic, authorization checks occur against the forged certificate while cryptographic validation succeeds against the legitimate certificate. For detailed technical information, see the GitHub Security Advisory.
Detection Methods for CVE-2026-33753
Indicators of Compromise
- Timestamp responses containing multiple certificates in the PKCS#7 bag with matching common_name values
- Unexpected certificates appearing in timestamp verification logs
- Timestamp responses where the signing certificate differs from expected TSA certificates
- Applications accepting timestamps from TSAs not in the configured allowlist
Detection Strategies
- Audit installed Python packages for rfc3161-client versions prior to 1.0.6 using pip list or dependency scanning tools
- Implement additional certificate chain validation that ensures consistent certificate usage across authorization and signature verification
- Monitor for timestamp responses with unusually large certificate bags
- Review application logs for certificate extraction anomalies during TSP verification
Monitoring Recommendations
- Deploy software composition analysis (SCA) tools to track vulnerable rfc3161-client installations
- Enable verbose logging in applications using rfc3161-client to capture certificate details during verification
- Establish baseline metrics for typical PKCS#7 certificate bag sizes in timestamp responses
- Configure alerts for timestamp verification failures or anomalies that may indicate exploitation attempts
How to Mitigate CVE-2026-33753
Immediate Actions Required
- Upgrade rfc3161-client to version 1.0.6 or later immediately
- Audit all applications using rfc3161-client to identify vulnerable deployments
- Review recent timestamp verifications for potential compromise if exploitation is suspected
- Implement additional TSA certificate validation at the application layer as defense-in-depth
Patch Information
The vulnerability is fixed in rfc3161-client version 1.0.6. The patch addresses the certificate extraction logic to ensure that the same certificate is consistently used for both authorization policy verification and cryptographic signature validation. Upgrade using:
pip install --upgrade rfc3161-client>=1.0.6
For more details on the fix, refer to the GitHub Security Advisory.
Workarounds
- Pin specific TSA certificates at the application layer rather than relying solely on common_name matching
- Implement additional verification that extracts and compares the actual signing certificate against expected values
- Consider using alternative timestamp verification libraries until the upgrade can be completed
- Restrict timestamp acceptance to only known-good TSA certificate fingerprints
# Check current rfc3161-client version
pip show rfc3161-client
# Upgrade to patched version
pip install --upgrade rfc3161-client>=1.0.6
# Verify upgrade was successful
pip show rfc3161-client | grep Version
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
