Improper Authentication in wolfSSL - CVE-2026-11703
Published: July 1, 2026
wolfSSL
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass authentication context binding.
The vulnerability exists due to improper authentication in stateful session resumption: a cached session can be resumed under a different SNI or ALPN than the one originally negotiated. A remote attacker can use this to bypass authentication context binding.
This affects the session-ID resumption path and is relevant where client-authentication policy differs across virtual hosts.
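The binding the description refers to can be shown with a simplified session-ID cache. This is an added example, not wolfSSL code or its API; every type, function and host name in it is hypothetical. It contrasts a lookup keyed on the session ID alone with one that also requires the offered SNI and ALPN to match the stored values.

```c
#include <ctype.h>
#include <string.h>

/* Simplified model of a server-side session-ID cache. All names are
 * hypothetical; this is not wolfSSL code or its API. */
enum { ID_LEN = 32, NAME_LEN = 64, SLOTS = 8 };

static struct session_entry {
    unsigned char id[ID_LEN];
    char sni[NAME_LEN];   /* server name from the original full handshake */
    char alpn[NAME_LEN];  /* ALPN protocol selected in that handshake */
    int used;
} cache[SLOTS];

/* Host names compare case-insensitively; ALPN identifiers are exact bytes. */
static int same_host(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == *b;
}

/* Record the context of a completed full handshake ("" = extension absent). */
int cache_store(const unsigned char *id, const char *sni, const char *alpn) {
    if (strlen(sni) >= NAME_LEN || strlen(alpn) >= NAME_LEN) return -1;
    for (int i = 0; i < SLOTS; i++) {
        if (cache[i].used) continue;
        memcpy(cache[i].id, id, ID_LEN);
        strcpy(cache[i].sni, sni);
        strcpy(cache[i].alpn, alpn);
        cache[i].used = 1;
        return 0;
    }
    return -1; /* cache full */
}

/* Returns 1 to resume, 0 to force a full handshake. bind_context == 0 keys
 * on the session ID alone (the behaviour the advisory describes);
 * bind_context == 1 also requires the offered SNI and ALPN to match. */
int may_resume(const unsigned char *id, const char *sni, const char *alpn,
               int bind_context) {
    for (int i = 0; i < SLOTS; i++) {
        if (!cache[i].used || memcmp(cache[i].id, id, ID_LEN) != 0) continue;
        if (!bind_context) return 1;
        return same_host(cache[i].sni, sni) && strcmp(cache[i].alpn, alpn) == 0;
    }
    return 0; /* unknown session ID */
}
```

When the bound check fails, the server runs a full handshake, so the client-authentication policy of the requested virtual host is applied again.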