CVE-2026-5501

EUVD-2026-21294

10.04.2026, 04:17

wolfSSL_X509_verify_cert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an untrusted intermediate with Basic Constraints `CA:FALSE` that is legitimately signed by a trusted root. An attacker who obtains any leaf certificate from a trusted CA (e.g. a free DV cert from Let's Encrypt) can forge a certificate for any subject name with any public key and arbitrary signature bytes, and the function returns `WOLFSSL_SUCCESS` / `X509_V_OK`. The native wolfSSL TLS handshake path (`ProcessPeerCerts`) is not susceptible and the issue is limited to applications using the OpenSSL compatibility API directly, which would include integrations of wolfSSL into nginx and haproxy.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.1 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 6%

Affected Products (NVD)

Vendor	Product	Version
wolfssl	wolfssl	𝑥 ≤ 5.9.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

wolfssl

bookworm	no-dsa
bullseye	postponed
forky	5.9.1-0.1 fixed
sid	5.9.1-0.1 fixed
trixie	no-dsa

Ubuntu Releases

Ubuntu Product

Codename

wolfssl

bionic	needs-triage
focal	needs-triage
jammy	needs-triage
noble	needs-triage
questing	needs-triage
resolute	needs-triage
xenial	ignored

Common Weakness Enumeration

CWE-295 - Improper Certificate Validation
The software does not validate, or incorrectly validates, a certificate.

References

https://github.com/wolfSSL/wolfssl/pull/10102