SB2026070167 - Multiple vulnerabilities in wolfSSL


Published: July 1, 2026

Security Bulletin ID: SB2026070167
CSH Severity: High
Patch available: Yes
Number of vulnerabilities: 32
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 44%, Medium 56% (no Low or Critical entries)

Description

This security bulletin contains information about 32 vulnerabilities.


1) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2026-7511)

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to forge signatures.

The vulnerability exists due to improper authentication in PKCS7_verify when binding a signer to a signature. A remote attacker can supply a crafted PKCS#7 object to forge signatures.


2) Observable discrepancy (CVE-ID: CVE-2026-6291)

CWE-ID: CWE-203 - Observable discrepancy

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to recover encrypted content encryption keys.

The vulnerability exists due to observable discrepancy in error responses in PKCS#7 KTRI decryption when decrypting PKCS#7 EnvelopedData using RSA PKCS#1 v1.5 key transport. A remote attacker can submit crafted EnvelopedData messages and observe error responses to recover encrypted content encryption keys.


3) Out-of-bounds read (CVE-ID: CVE-2026-12340)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to an out-of-bounds read in SM2/SM3 certificate signature verification when parsing a certificate with an SM3wSM2 signature and a short public key. A remote attacker can present a crafted certificate to cause a denial of service.

Only builds with SM2 support enabled are affected.


4) Improper Certificate Validation (CVE-ID: CVE-2026-6450)

CWE-ID: CWE-295 - Improper Certificate Validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to bypass CRL critical extension enforcement.

The vulnerability exists due to improper certificate validation in ParseCRL_Extensions when parsing CRLs with unhandled critical extensions. A remote attacker can supply a crafted CRL with an unhandled critical extension to bypass CRL critical extension enforcement.

Only builds with CRL support enabled are affected, and the crafted CRL must have a trusted signature when parsed.


5) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2026-6412)

CWE-ID: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to use weak certificate signatures.

The vulnerability exists due to improper certificate validation in certificate processing when handling SHA-1 or MD5 signatures. A remote attacker can present certificates bearing these weak signature algorithms and have them accepted.


6) Out-of-bounds write (CVE-ID: CVE-2026-6325)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to cause memory corruption.

The vulnerability exists due to an out-of-bounds write in SetSuitesHashSigAlgo when processing an oversized signature algorithms list. A remote attacker can send an oversized signature algorithms list to cause memory corruption.


7) Use-after-free (CVE-ID: CVE-2026-7531)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to a use-after-free in PQC hybrid key-share handling when processing a truncated PQC hybrid KeyShare. A remote attacker can send a truncated PQC hybrid KeyShare to cause a denial of service.

The issue can be triggered by a malicious TLS 1.3 server.


8) Integer overflow (CVE-ID: CVE-2026-6678)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause incorrect length handling during decryption.

The vulnerability exists due to an integer overflow in wc_PKCS7_DecryptOri when handling crafted Other Recipient Info. A remote attacker can supply crafted Other Recipient Info to cause incorrect length handling during decryption.


9) Incorrect calculation (CVE-ID: CVE-2026-10512)

CWE-ID: CWE-682 - Incorrect Calculation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause incorrect shared secret computation.

The vulnerability exists due to incorrect calculation in the X25519 x86_64 assembly implementation when performing the final modular reduction. A remote attacker can trigger X25519 operations to cause incorrect shared secret computation.

The issue affects the x86_64 assembly implementation.


10) Out-of-bounds write (CVE-ID: CVE-2026-6681)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to cause memory corruption.

The vulnerability exists due to an out-of-bounds write in the PKCS#7 decode path when decoding content into a caller-supplied output buffer. A remote attacker can supply crafted PKCS#7 data to cause memory corruption.

This affects wolfSSL 5.9.0 and earlier.


11) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2026-6331)

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to forge HMAC verification results.

The vulnerability exists due to improper authentication in EVP_DigestVerifyFinal when verifying HMAC tags. A remote attacker can supply a zero-length tag to forge HMAC verification results.


12) Protection mechanism failure (CVE-ID: CVE-2026-6092)

CWE-ID: CWE-693 - Protection Mechanism Failure

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to weaken message integrity protections.

The vulnerability exists due to improper protocol enforcement in the TLS record protection implementation when HAVE_ENCRYPT_THEN_MAC is configured. A remote attacker can trigger fallback behavior to weaken message integrity protections.

The issue occurs only when HAVE_ENCRYPT_THEN_MAC is configured.


13) Improper Certificate Validation (CVE-ID: CVE-2026-55964)

CWE-ID: CWE-295 - Improper Certificate Validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to bypass certificate chain validation.

The vulnerability exists due to improper certificate validation in the OpenSSL-compatibility certificate-path-building path when processing chain-supplied temporary CAs without keyCertSign. A remote attacker can present a crafted intermediate CA certificate to bypass certificate chain validation.

This affects the OpenSSL compatibility path where untrusted chain intermediates are added as temporary CAs. Native certificate verification is unaffected.


14) Improper Authentication (CVE-ID: CVE-2026-55962)

CWE-ID: CWE-287 - Improper Authentication

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to bypass client certificate authentication.

The vulnerability exists due to improper authentication in TLS 1.3 post-handshake authentication processing when accepting a client's Finished message while a post-handshake CertificateRequest is still outstanding. A remote attacker can send a Finished message without a Certificate and CertificateVerify to bypass client certificate authentication.

Only TLS 1.3 servers built with post-handshake authentication support and configured to request a client certificate after the handshake are affected.


15) Improper Authentication (CVE-ID: CVE-2026-11703)

CWE-ID: CWE-287 - Improper Authentication

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to bypass authentication context binding.

The vulnerability exists due to improper authentication in stateful session resumption when resuming a cached session under a different SNI or ALPN than originally negotiated. A remote attacker can resume a cached session under a different SNI or ALPN to bypass authentication context binding.

This affects the session-ID resumption path and is relevant where client-authentication policy differs across virtual hosts.


16) Improper Certificate Validation (CVE-ID: CVE-2026-11310)

CWE-ID: CWE-295 - Improper Certificate Validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to bypass certificate chain validation.

The vulnerability exists due to improper certificate validation in wolfSSL_X509_verify_cert() when processing caller-supplied untrusted intermediate certificates. A remote attacker can present a crafted certificate chain to bypass certificate chain validation.

Only builds with OPENSSL_EXTRA enabled are affected. Native wolfSSL TLS/DTLS usage is not impacted, and exploitation requires applications to use the OpenSSL compatibility X509_verify_cert() API with caller-supplied untrusted intermediates.


17) Improper Certificate Validation (CVE-ID: CVE-2026-7532)

CWE-ID: CWE-295 - Improper Certificate Validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to bypass name constraints.

The vulnerability exists due to improper certificate validation in IP address name-constraint enforcement when WOLFSSL_IP_ALT_NAME is not defined. A remote attacker can present a crafted certificate to bypass name constraints.

The issue occurs only when WOLFSSL_IP_ALT_NAME is not defined.


18) Improper Certificate Validation (CVE-ID: CVE-2026-10592)

CWE-ID: CWE-295 - Improper Certificate Validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to bypass name constraints.

The vulnerability exists due to improper certificate validation in certificate name-constraint processing when handling wildcard DNS SAN entries. A remote attacker can present a crafted certificate with wildcard DNS SANs to bypass name constraints.


19) Input validation error (CVE-ID: CVE-2026-10098)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to falsify certificate revocation status.

The vulnerability exists due to improper input validation in wolfSSL_OCSP_resp_find_status when matching CertID serial numbers. A remote attacker can supply a crafted OCSP response with a same-issuer serial prefix to falsify certificate revocation status.


20) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2026-10097)

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to weaken ciphertext integrity protections.

The vulnerability exists due to improper authentication in the ML-KEM-1024 x64 AVX2 implicit rejection path when decapsulating ciphertext. A remote attacker can supply crafted ciphertext to weaken ciphertext integrity protections.

The issue affects the x64 AVX2 code path.


21) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2026-8720)

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass MAC verification.

The vulnerability exists due to improper authentication in wc_Blake2bHmacFinal and wc_Blake2sHmacFinal when processing messages with keys longer than the block size. A remote attacker can use a key longer than the block size to bypass MAC verification.

This bug is specific to the HMAC-BLAKE2 APIs added in wolfSSL version 5.9.0.


22) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2026-6330)

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to weaken ciphertext integrity protections.

The vulnerability exists due to improper authentication in the ML-KEM ARM64 NEON ciphertext comparison path when comparing ciphertext input. A remote attacker can supply crafted ciphertext to weaken ciphertext integrity protections.

The issue only affects the ARM64 NEON code path.


23) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2026-6329)

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass MAC verification.

The vulnerability exists due to improper authentication in PKCS#12 MAC verification when comparing MAC values using an attacker-controlled comparison length. A remote attacker can supply a crafted PKCS#12 object to bypass MAC verification.
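Entries 11, 21 and 23 above share one pattern: the tag or comparison length is taken from the input rather than from the algorithm, or a long key is not pre-hashed. As an added illustration (not wolfSSL code), the following Python builds HMAC-BLAKE2s per RFC 2104 and verifies a tag against a fixed expected length; the flawed comparator beside it is constructed to show why a zero-length or truncated tag would pass.

```python
import hashlib
import hmac

BLAKE2S_BLOCK_SIZE = 64   # HMAC pads or hashes the key to this size (RFC 2104)
BLAKE2S_DIGEST_SIZE = 32  # every valid tag has exactly this length


def hmac_blake2s(key: bytes, msg: bytes) -> bytes:
    """HMAC over BLAKE2s written out per RFC 2104 (added example, not wolfSSL code).

    A key longer than the block size must be replaced by its hash before padding;
    mishandling that case is the long-key defect class entry 21 refers to.
    """
    if len(key) > BLAKE2S_BLOCK_SIZE:
        key = hashlib.blake2s(key).digest()
    key = key.ljust(BLAKE2S_BLOCK_SIZE, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.blake2s(ipad + msg).digest()
    return hashlib.blake2s(opad + inner).digest()


def matches_stdlib(key: bytes, msg: bytes) -> bool:
    """Cross-check the hand-written HMAC against the standard library."""
    return hmac_blake2s(key, msg) == hmac.new(key, msg, hashlib.blake2s).digest()


def verify_tag_flawed(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Constructed anti-pattern: the caller's tag length decides how many bytes
    are compared, so an empty tag passes unconditionally."""
    expected = hmac_blake2s(key, msg)
    return expected[:len(tag)] == tag


def verify_tag(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Hardened check: the expected length comes from the algorithm, never from
    the input, and the comparison is constant-time."""
    if len(tag) != BLAKE2S_DIGEST_SIZE:
        return False
    return hmac.compare_digest(hmac_blake2s(key, msg), tag)


if __name__ == "__main__":
    # Constructed sample: a 100-byte key exercises the long-key branch.
    k, m = b"k" * 100, b"constructed sample message"
    t = hmac_blake2s(k, m)
    print("valid tag:", verify_tag(k, m, t))
    print("empty tag, hardened:", verify_tag(k, m, b""))
    print("empty tag, flawed:", verify_tag_flawed(k, m, b""))
```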


24) Out-of-bounds read (CVE-ID: CVE-2026-6094)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to an out-of-bounds read in wc_PKCS7_DecodeEnvelopedData when parsing crafted PKCS#7 EnvelopedData. A remote attacker can supply crafted PKCS#7 EnvelopedData to cause a denial of service.

This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS.


25) Improper Certificate Validation (CVE-ID: CVE-2026-6091)

CWE-ID: CWE-295 - Improper Certificate Validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to bypass certificate chain validation.

The vulnerability exists due to improper certificate validation in partial-chain certificate verification when processing a chain that terminates at a peer-supplied intermediate certificate. A remote attacker can present a crafted certificate chain to bypass certificate chain validation.


26) Improper Certificate Validation (CVE-ID: CVE-2026-6731)

CWE-ID: CWE-295 - Improper Certificate Validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to bypass name constraints.

The vulnerability exists due to improper certificate validation in X.509 certificate processing when treating the Subject Common Name as a DNS-type name. A remote attacker can present a crafted certificate to bypass name constraints.


27) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2026-55961)

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass signature verification.

The vulnerability exists due to improper authentication in wolfSSL_PKCS7_verify() when processing a degenerate PKCS#7 object with empty signerInfos. A remote attacker can supply a crafted certs-only PKCS#7 object to bypass signature verification.

Only OpenSSL compatibility builds that call the PKCS7_verify() compatibility API on potentially degenerate PKCS#7 bundles are affected.


28) Improper Certificate Validation (CVE-ID: CVE-2026-55960)

CWE-ID: CWE-295 - Improper Certificate Validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass certificate chain validation.

The vulnerability exists due to improper certificate validation in ParseCertRelative() when handling a raw public key that was not negotiated. A remote attacker can present an un-negotiated raw public key to bypass certificate chain validation.

Only builds with Raw Public Key support enabled are affected.


29) Out-of-bounds write (CVE-ID: CVE-2026-55958)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to an out-of-bounds write in tsip_StoreMessage() when processing an oversized TLS 1.3 handshake transcript. A remote attacker can send an unusually large but valid certificate chain or oversized handshake message to cause a denial of service.

Only builds using the Renesas TSIP TLS port as a TLS 1.3 client on Renesas MCUs with TSIP hardware enabled are affected.


30) Heap-based buffer overflow (CVE-ID: CVE-2026-6679)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to a heap-based buffer overflow in the DTLS 1.3 ACK serialization path when computing the length of the ACK record-number list. A remote attacker can send crafted DTLS 1.3 traffic to execute arbitrary code.

The issue occurs before the connecting peer is authenticated and affects builds using DTLS 1.3.


31) Improper Certificate Validation (CVE-ID: CVE-2026-11999)

CWE-ID: CWE-295 - Improper Certificate Validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to bypass certificate chain validation.

The vulnerability exists due to improper certificate validation in wolfSSL_X509_verify_cert() when processing caller-supplied untrusted intermediates in a chain deeper than the maximum path depth. A remote attacker can present a deeply nested crafted certificate chain to bypass certificate chain validation.

Only builds with OPENSSL_EXTRA enabled are affected. Native wolfSSL TLS/DTLS usage is not impacted, and exploitation requires applications to use the OpenSSL compatibility X509_verify_cert() API with caller-supplied untrusted intermediates.


32) Reusing a Nonce, Key Pair in Encryption (CVE-ID: CVE-2026-55967)

CWE-ID: CWE-323 - Reusing a Nonce, Key Pair in Encryption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to recover plaintext.

The vulnerability exists due to improper input validation in the AES-GCM streaming APIs when processing extremely large cumulative single message sizes. A remote attacker can trigger counter wrap and keystream reuse to recover plaintext.

The issue occurs for cumulative single message sizes greater than 64 GiB.
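The 64 GiB figure is where GCM's 32-bit block counter wraps and keystream repeats. As an added illustration (not wolfSSL code), the following Python derives that bound from the inc32 counter arithmetic of NIST SP 800-38D and shows a streaming guard that fails closed before it; the AES calls themselves are omitted.

```python
GCM_BLOCK = 16
COUNTER_MASK = 0xFFFFFFFF
# SP 800-38D caps the plaintext under one nonce at 2^39 - 256 bits, i.e.
# 2^32 - 2 blocks; counters repeat after 2^32 increments, so the cap keeps
# every block counter distinct from J0 (the counter reserved for the tag).
MAX_BLOCKS = 2**32 - 2
MAX_PLAINTEXT_BYTES = MAX_BLOCKS * GCM_BLOCK  # 2^36 - 32 bytes, just under 64 GiB


def inc32(counter_block: bytes, n: int = 1) -> bytes:
    """inc32 applied n times: only the low 32 bits advance, and they wrap."""
    prefix = counter_block[:12]
    low = int.from_bytes(counter_block[12:], "big")
    return prefix + ((low + n) & COUNTER_MASK).to_bytes(4, "big")


def counter_for_block(j0: bytes, block_index: int) -> bytes:
    """Counter block that encrypts ciphertext block number block_index (1-based)."""
    return inc32(j0, block_index)


class GcmLengthGuard:
    """Tracks cumulative plaintext fed through a streaming AES-GCM session under
    one nonce and refuses the update that would wrap the counter.
    (Constructed illustration: the real cipher update is not performed.)"""

    def __init__(self) -> None:
        self.total = 0

    def would_exceed(self, chunk_len: int) -> bool:
        return chunk_len < 0 or self.total + chunk_len > MAX_PLAINTEXT_BYTES

    def update(self, chunk_len: int) -> int:
        if self.would_exceed(chunk_len):
            raise ValueError("AES-GCM message limit exceeded: counter would wrap")
        self.total += chunk_len
        return self.total


if __name__ == "__main__":
    # Constructed J0 for a 96-bit IV: IV || 0^31 || 1 (all-zero IV, sample only).
    j0 = bytes(12) + (1).to_bytes(4, "big")
    print("block 2^32 reuses J0:", counter_for_block(j0, 2**32) == j0)
    print("block 2^32+1 reuses block 1:",
          counter_for_block(j0, 2**32 + 1) == counter_for_block(j0, 1))
    guard = GcmLengthGuard()
    print("bytes accepted:", guard.update(MAX_PLAINTEXT_BYTES))
    print("one more byte rejected:", guard.would_exceed(1))
```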


Remediation

Install update from vendor's website.