Improper Authentication in wolfSSL - CVE-2026-55962
Published: July 1, 2026
wolfSSL
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass client certificate authentication.
The vulnerability exists due to improper authentication in TLS 1.3 post-handshake authentication processing: the server accepts a client's Finished message while a post-handshake CertificateRequest is still outstanding, i.e. before the Certificate and CertificateVerify messages that answer the request have arrived. A remote attacker can send a Finished message without a Certificate and CertificateVerify to bypass client certificate authentication.
Only TLS 1.3 servers built with post-handshake authentication support and configured to request a client certificate after the handshake are affected.
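The message ordering the advisory describes, as an added example that is not wolfSSL's code: a small C model of a server's post-handshake authentication state, with the check that must gate Finished (the names, the `payload_ok` stub for the cryptographic checks and the `require_cert_reply` switch are assumptions of this model).

```c
#include <stdbool.h>
/* Added example, not wolfSSL code: model of a TLS 1.3 server's post-handshake
 * client authentication (RFC 8446 section 4.6.2). A CertificateRequest is
 * answered by Certificate, CertificateVerify (absent if empty) and Finished. */
enum pha_msg { PHA_CERTIFICATE, PHA_CERTIFICATE_VERIFY, PHA_FINISHED };

struct pha_state {
    bool request_outstanding;     /* CertificateRequest sent, reply incomplete */
    bool have_certificate;        /* Certificate message received */
    bool certificate_nonempty;    /* client actually presented a chain */
    bool have_certificate_verify; /* CertificateVerify received and verified */
};

/* Handle one client message; false means the server must abort with a fatal
 * alert. `payload_ok` stands in for chain validation and signature/MAC checks.
 * With `require_cert_reply` false the model reproduces the advisory's flaw:
 * Finished is accepted while the certificate reply is still outstanding. */
bool pha_process(struct pha_state *s, enum pha_msg msg, bool payload_ok,
                 bool nonempty, bool require_cert_reply)
{
    if (!s->request_outstanding || !payload_ok) return false;
    switch (msg) {
    case PHA_CERTIFICATE:
        if (s->have_certificate) return false;          /* at most one */
        s->have_certificate = true; s->certificate_nonempty = nonempty;
        return true;
    case PHA_CERTIFICATE_VERIFY:                        /* needs a non-empty chain first */
        if (!s->certificate_nonempty || s->have_certificate_verify) return false;
        s->have_certificate_verify = true;
        return true;
    case PHA_FINISHED:
        /* The gate: Certificate (plus CertificateVerify if non-empty) must already be in. */
        if (require_cert_reply && (!s->have_certificate ||
                (s->certificate_nonempty && !s->have_certificate_verify)))
            return false;
        s->request_outstanding = false;                 /* exchange closed */
        return true;
    }
    return false;
}

/* Replay a client's reply after a fresh CertificateRequest: -1 = message
 * rejected, -2 = reply incomplete, 1 = authenticated, 0 = completed without. */
int pha_replay(const enum pha_msg *msgs, int n, bool nonempty, bool require_cert_reply)
{
    struct pha_state s = { .request_outstanding = true };
    for (int i = 0; i < n; i++)
        if (!pha_process(&s, msgs[i], true, nonempty, require_cert_reply)) return -1;
    return s.request_outstanding ? -2 : (s.have_certificate_verify ? 1 : 0);
}
```

With `require_cert_reply` set, a bare Finished is rejected and the request stays outstanding; an empty Certificate followed by Finished completes the exchange unauthenticated, which is where the server's own client-certificate policy decides.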