Improper Certificate Validation in wolfSSL - CVE-2026-55964

Published: July 1, 2026
Vulnerability identifier: #VU136647
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2026-55964
CWE-ID: CWE-295
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: wolfSSL
Affected software:
wolfSSL

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass certificate chain validation.

The vulnerability exists because the OpenSSL-compatibility certificate-path-building code does not check for the keyCertSign key usage when it adds chain-supplied intermediates as temporary CAs. A remote attacker can present a crafted intermediate CA certificate to bypass certificate chain validation.

This affects the OpenSSL compatibility path where untrusted chain intermediates are added as temporary CAs. Native certificate verification is unaffected.
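As an added illustration (not wolfSSL's code; the function names and the pre-parsed certificate view are assumptions), this is the issuer-eligibility check the description says the compatibility path omits: an intermediate is admitted as a temporary CA only if it asserts cA=TRUE and, when a KeyUsage extension is present, that extension's DER BIT STRING carries keyCertSign.

```python
# Added illustration, not wolfSSL's code: names and the CertSummary view are assumed.
from dataclasses import dataclass
from typing import Optional

# RFC 5280 KeyUsage bit positions; bit 0 is the MSB of the first content octet.
KEY_CERT_SIGN_BIT = 5

def bit_string_has_bit(der: bytes, bit: int) -> bool:
    """Parse a short-form DER BIT STRING and report whether `bit` is set; reject malformed input."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    if length & 0x80 or length != len(der) - 2 or length < 1:
        raise ValueError("bad BIT STRING length")
    unused = der[2]
    body = der[3:]
    if unused > 7 or (not body and unused):
        raise ValueError("bad unused-bits count")
    total_bits = len(body) * 8 - unused
    if bit >= total_bits:
        return False  # bit lies beyond the encoded bits (or in the unused tail)
    return bool(body[bit // 8] & (0x80 >> (bit % 8)))

@dataclass
class CertSummary:
    """Constructed, pre-parsed view of the fields the check needs."""
    subject: str
    is_ca: bool                     # basicConstraints.cA
    key_usage_der: Optional[bytes]  # raw KeyUsage extension value, None if absent

def may_sign_certificates(cert: CertSummary) -> bool:
    """RFC 5280: an issuer needs cA=TRUE, and keyCertSign if KeyUsage is present (absent KU imposes no limit)."""
    if not cert.is_ca:
        return False
    if cert.key_usage_der is None:
        return True
    return bit_string_has_bit(cert.key_usage_der, KEY_CERT_SIGN_BIT)

def select_temporary_cas(chain: list) -> list:
    """Hardened selection: only chain-supplied intermediates that may sign certificates become temporary CAs."""
    return [c for c in chain if may_sign_certificates(c)]

# Constructed sample chain. KeyUsage DER is 03 02 <unused-bits> <bits>:
# 0x06 = keyCertSign|cRLSign (typical CA), 0xA0 = digitalSignature|keyEncipherment (typical leaf).
SAMPLE_CHAIN = [
    CertSummary("CN=Good Intermediate", True, b"\x03\x02\x01\x06"),
    CertSummary("CN=cA but no keyCertSign", True, b"\x03\x02\x05\xa0"),
    CertSummary("CN=Leaf", False, b"\x03\x02\x05\xa0"),
]
```

Running `select_temporary_cas(SAMPLE_CHAIN)` admits only "CN=Good Intermediate"; the second certificate is exactly the kind the unpatched path would have accepted.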
How to mitigate CVE-2026-55964

Install the security update from the vendor's website.