Improper Certificate Validation in wolfSSL - CVE-2026-11310
Published: July 1, 2026
wolfSSL
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass certificate chain validation.
The vulnerability exists due to improper certificate validation in wolfSSL_X509_verify_cert() when processing caller-supplied untrusted intermediate certificates. A remote attacker can present a crafted certificate chain to bypass certificate chain validation.
Only builds with OPENSSL_EXTRA enabled are affected. Native wolfSSL TLS/DTLS usage is not impacted, and exploitation requires applications to use the OpenSSL compatibility X509_verify_cert() API with caller-supplied untrusted intermediates.
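An added exposure-triage example (not wolfSSL or advisory code): it checks a source tree for the three conditions stated above, namely an OPENSSL_EXTRA build, a call to X509_verify_cert(), and a non-NULL untrusted stack. It assumes the untrusted intermediates are passed as the fourth argument of X509_STORE_CTX_init(), as in the OpenSSL API; the function names triage and call_args and the sample files are constructed for this example.

```python
import re

COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)
# Build setting named in the advisory, as a header define or a compiler flag.
BUILD_FLAG = re.compile(r"^\s*#\s*define\s+OPENSSL_EXTRA\b|-DOPENSSL_EXTRA\b", re.M)
VERIFY_CALL = re.compile(r"\b(?:wolfSSL_)?X509_verify_cert\s*\(")
# X509_STORE_CTX_init(ctx, store, cert, untrusted): 4th argument is the caller's stack.
CTX_INIT = re.compile(r"\b(?:wolfSSL_)?X509_STORE_CTX_init\s*\(")

def call_args(src, start):
    """Split the argument list that begins just after '(' at index start."""
    args, cur, depth = [], [], 0
    for ch in src[start:]:
        if depth == 0 and ch in ",)":
            args.append("".join(cur).strip())
            if ch == ")":
                break
            cur = []
            continue
        depth += (ch == "(") - (ch == ")")
        cur.append(ch)
    return args

def triage(build_text, sources):
    """Report whether all exposure conditions from the advisory hold for this tree."""
    verify_files, call_sites = [], []
    for path, raw in sources.items():
        # Drop comments but keep their newlines so reported line numbers stay correct.
        src = COMMENT.sub(lambda m: "\n" * m.group().count("\n"), raw)
        if VERIFY_CALL.search(src):
            verify_files.append(path)
        for m in CTX_INIT.finditer(src):
            args = call_args(src, m.end())
            if len(args) == 4 and args[3] not in ("NULL", "0"):
                call_sites.append((path, src.count("\n", 0, m.start()) + 1, args[3]))
    extra = bool(BUILD_FLAG.search(build_text))
    return {"openssl_extra": extra, "verify_files": verify_files,
            "untrusted_call_sites": call_sites,
            "needs_review": extra and bool(verify_files) and bool(call_sites)}

# Constructed sample input (not from any real project).
SAMPLE_BUILD = "#define HAVE_ECC\n#define OPENSSL_EXTRA\n"
SAMPLE_SOURCES = {
    "verify_peer.c": "/* chain arrives from the peer */\n"
        "int check(X509_STORE *st, X509 *leaf, STACK_OF(X509) *peer_chain) {\n"
        "    X509_STORE_CTX *ctx = X509_STORE_CTX_new();\n"
        "    if (X509_STORE_CTX_init(ctx, st, leaf, peer_chain) != 1) return -1;\n"
        "    return X509_verify_cert(ctx);\n}\n",
    "local_only.c": "X509_STORE_CTX_init(ctx, st, leaf, NULL);\nX509_verify_cert(ctx);\n",
}
if __name__ == "__main__":
    print(triage(SAMPLE_BUILD, SAMPLE_SOURCES))
```

A needs_review result only marks call sites to inspect by hand; it does not confirm that the library version in use is an affected one.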