Improper Certificate Validation in wolfSSL - CVE-2026-55964
Published: July 1, 2026
wolfSSL
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass certificate chain validation.
The vulnerability exists due to improper certificate validation in the OpenSSL-compatibility certificate-path-building path when processing chain-supplied temporary CAs without keyCertSign. A remote attacker can present a crafted intermediate CA certificate to bypass certificate chain validation.
This affects the OpenSSL compatibility path where untrusted chain intermediates are added as temporary CAs. Native certificate verification is unaffected.