Errands before 46.2.10 does not verify TLS certificates for CalDAV servers.
Published:
11 januari 2026 om 23:00:00
Alert date:
12 januari 2026 om 16:31:46
Source:
nvd.nist.gov
Enterprise Applications, Network Infrastructure
CVE-2025-71063 affects Errands application versions before 46.2.10, where the software fails to verify TLS certificates when connecting to CalDAV servers. This vulnerability allows potential man-in-the-middle attacks against calendar synchronization connections. The issue has been addressed in version 46.2.10 with proper TLS certificate verification implemented. Multiple GitHub references document the fix and related issues.
Technical details
Mitigation steps:
Affected products:
Errands
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2025-71063
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123738
https://github.com/mrvladus/Errands/commit/04e567b432083fc798ea2249363ea6c83ff01099
https://github.com/mrvladus/Errands/compare/46.2.9...46.2.10
https://github.com/mrvladus/Errands/issues/401
https://github.com/mrvladus/Errands/releases/tag/46.2.10
Related CVE's:
Related threat actors:
IOC's:
This article was created with the assistance of AI technology by Perceptive.