1. Critical Node-Forge Flaw: CVE-2026-33896 Allows Unauthorized Certificate Authority Spoofing
A critical security vulnerability in the widely-used `node-forge` cryptography library allows any leaf certificate to illegitimately act as a Certificate Authority (CA). The flaw, tracked as CVE-2026-33896, resides in the `pki.verifyCertificateChain()` function. It fails to enforce mandatory RFC 5280 `basicConstraints`...