If a client certificate is leaked or compromised, an attacker can use it to impersonate the legitimate client in client certificate authentication scenarios. This has several serious implications:
This is particularly dangerous in enterprise environments where client certificates are used to secure internal services, API endpoints, or microservice communications. The attacker could move laterally through the network while appearing as a trusted entity.
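Because a leaked certificate still passes verification, spotting its misuse depends on context around the handshake. The following added example (not from the original page) checks successful mTLS handshakes against an inventory of where each certificate is expected to be used; the log format, inventory, service names and addresses are constructed assumptions.

```python
import ipaddress

# Constructed inventory (assumption): where each client certificate is
# expected to connect from, and which internal services it normally calls.
BASELINE = {
    "billing-worker": {"nets": ["10.20.0.0/24"], "services": {"invoice-api"}},
    "report-job": {"nets": ["10.30.5.0/28"], "services": {"invoice-api", "metrics"}},
}

# Constructed mTLS access-log lines: time, source IP, service, cert CN, verify result.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.20.0.14 invoice-api billing-worker SUCCESS
2024-05-01T10:00:09Z 10.30.5.3 metrics report-job SUCCESS
2024-05-01T10:02:40Z 10.99.7.21 invoice-api billing-worker SUCCESS
2024-05-01T10:03:02Z 10.99.7.21 hr-db-proxy billing-worker SUCCESS
2024-05-01T10:03:30Z 10.20.0.14 invoice-api unknown-client FAILED
"""

def find_anomalies(log_text, baseline=BASELINE):
    """Return (timestamp, cn, reason) for handshakes that passed certificate
    verification but do not match the certificate's expected usage."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        ts, src, service, cn, verify = parts
        if verify != "SUCCESS":
            continue  # failed handshakes are not the impersonation case
        expected = baseline.get(cn)
        if expected is None:
            findings.append((ts, cn, "certificate not in inventory"))
            continue
        addr = ipaddress.ip_address(src)
        # A valid certificate presented from outside its usual network
        if not any(addr in ipaddress.ip_network(n) for n in expected["nets"]):
            findings.append((ts, cn, f"unexpected source {src}"))
        # A valid certificate reaching a service it does not normally call
        if service not in expected["services"]:
            findings.append((ts, cn, f"unexpected service {service}"))
    return findings

if __name__ == "__main__":
    for finding in find_anomalies(SAMPLE_LOG):
        print(*finding, sep="  ")
```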