Improper Certificate Validation in wolfSSL - CVE-2026-11999
Published: July 1, 2026
wolfSSL
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass certificate chain validation.
The vulnerability exists due to improper certificate validation in wolfSSL_X509_verify_cert() when processing caller-supplied untrusted intermediates in a chain deeper than the maximum path depth. A remote attacker can present a deeply nested crafted certificate chain to bypass certificate chain validation.
Only builds with OPENSSL_EXTRA enabled are affected. Native wolfSSL TLS/DTLS usage is not impacted, and exploitation requires applications to use the OpenSSL compatibility X509_verify_cert() API with caller-supplied untrusted intermediates.