CVE-2026-5263

EUVD-2026-21178
URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A compromised or malicious sub-CA could issue leaf certificates with URI SAN entries that violate the nameConstraints of the issuing CA, and wolfSSL would accept them as valid.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
Affected Products (NVD)
VendorProductVersion
wolfsslwolfssl
𝑥
< 5.9.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
wolfssl
bookworm
no-dsa
bullseye
postponed
forky
5.9.1-0.1
fixed
sid
5.9.1-0.1
fixed
trixie
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
wolfssl
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
questing
needs-triage
resolute
needs-triage
xenial
ignored
Common Weakness Enumeration
References
https://github.com/wolfSSL/wolfssl/pull/10048