Improper Certificate Validation in wolfSSL - CVE-2026-5501
Published: April 14, 2026
Vulnerability identifier: #VU125931
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-5501
CWE-ID: CWE-295
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: wolfSSL
Affected software:
wolfSSL
wolfSSL
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass certificate signature verification.
The vulnerability exists due to improper certificate validation in wolfSSL_X509_verify_cert() in the OpenSSL compatibility layer when processing a certificate chain with an untrusted intermediate marked CA:FALSE. A remote attacker can supply a crafted certificate chain to bypass certificate signature verification.
The issue is limited to applications using the OpenSSL compatibility API directly and does not affect the native wolfSSL TLS handshake path.
How to mitigate CVE-2026-5501
Install security update from vendor's website.