#VU125931 Improper Certificate Validation in wolfSSL - CVE-2026-5501

Published: April 14, 2026


Vulnerability identifier: #VU125931
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-5501
CWE-ID: CWE-295
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
wolfSSL
Software vendor:
wolfSSL

Description

The vulnerability allows a remote attacker to bypass certificate signature verification.

The vulnerability exists due to improper certificate validation in wolfSSL_X509_verify_cert() in the OpenSSL compatibility layer when it processes a certificate chain that contains an untrusted intermediate certificate whose basicConstraints extension is marked CA:FALSE. Under RFC 5280 §4.2.1.9 a certificate whose cA flag is not asserted must not be used to verify certificate signatures, so a conforming validator has to reject such a chain outright; here a remote attacker who can get a crafted chain into the application's verification path can instead bypass certificate signature verification.

The issue is limited to applications that call the OpenSSL compatibility API directly and does not affect the native wolfSSL TLS handshake path. Applications that verify certificates through wolfSSL_X509_verify_cert() (or through the OpenSSL-style X509_verify_cert() name that the compatibility layer maps onto it) should be audited.
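The following program is an added example, not code from wolfSSL or from this advisory. It uses Go's standard crypto/x509 as a reference validator to build exactly the chain shape described above: a trusted root (CA:TRUE), an intermediate that carries basicConstraints CA:FALSE (and, to isolate that flag, still has keyCertSign), and a leaf signed by that intermediate. The intermediate is then supplied as untrusted, the way a peer would send it. A conforming validator must refuse the path; the same program also validates a control chain with a CA:TRUE intermediate so the two outcomes can be compared. The subject names ("test root", "test intermediate", "server.example") are constructed test data, and the error type returned in the failing case is Go's own; what a wolfSSL build reports is what you are testing.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// certKey pairs a parsed certificate with the private key matching its public key.
type certKey struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

// issue creates a P-256 certificate for cn. With parent == nil it is self-signed
// (a trust anchor); otherwise parent signs it. basicConstraints is always present
// (BasicConstraintsValid), so CA:FALSE is an explicit assertion, not a missing
// extension. signsCerts grants keyCertSign so that, for the CA:FALSE intermediate,
// the basicConstraints flag is the only thing disqualifying it as an issuer.
func issue(cn string, isCA, signsCerts bool, parent *certKey) (*certKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 63))
	if err != nil {
		return nil, err
	}
	usage := x509.KeyUsageDigitalSignature
	if signsCerts {
		usage |= x509.KeyUsageCertSign
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial.Add(serial, big.NewInt(1)), // RFC 5280: must be positive
		Subject:               pkix.Name{CommonName: cn},         // constructed test name
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              usage,
	}
	signerCert, signerKey := tmpl, key
	if parent != nil {
		signerCert, signerKey = parent.cert, parent.key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signerCert, &key.PublicKey, signerKey)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &certKey{cert: cert, key: key}, nil
}

// chain holds the three certificates of one test chain.
type chain struct{ leaf, intermediate, root *x509.Certificate }

// buildChain issues root (CA:TRUE) -> intermediate (CA flag as given) -> leaf.
func buildChain(intermediateIsCA bool) (*chain, error) {
	root, err := issue("test root", true, true, nil)
	if err != nil {
		return nil, err
	}
	inter, err := issue("test intermediate", intermediateIsCA, true, root)
	if err != nil {
		return nil, err
	}
	leaf, err := issue("server.example", false, false, inter)
	if err != nil {
		return nil, err
	}
	return &chain{leaf.cert, inter.cert, root.cert}, nil
}

// verify runs RFC 5280 path validation with the root trusted and the intermediate
// supplied untrusted. It returns the validated path length (3 for leaf ->
// intermediate -> root) or the validation error.
func verify(c *chain) (int, error) {
	roots := x509.NewCertPool()
	roots.AddCert(c.root)
	untrusted := x509.NewCertPool()
	untrusted.AddCert(c.intermediate)
	paths, err := c.leaf.Verify(x509.VerifyOptions{
		Roots:         roots,
		Intermediates: untrusted,
		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	})
	if err != nil {
		return 0, err
	}
	return len(paths[0]), nil
}

// pemEncode renders a certificate as PEM so the chain can be handed to another validator.
func pemEncode(cert *x509.Certificate) string {
	return string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw}))
}

func main() {
	for _, isCA := range []bool{true, false} {
		c, err := buildChain(isCA)
		if err != nil {
			panic(err)
		}
		n, err := verify(c)
		fmt.Printf("intermediate CA:%v -> path length %d, err: %v\n", isCA, n, err)
		if !isCA { // export the CA:FALSE chain (leaf, intermediate, root) for other validators
			fmt.Print(pemEncode(c.leaf), pemEncode(c.intermediate), pemEncode(c.root))
		}
	}
}
```

Run it with `go run`; the CA:TRUE control validates with a path length of 3 and the CA:FALSE chain is rejected. To exercise a wolfSSL build's compatibility layer instead, split the printed PEM blocks into files and pass them to the application's verify path; `openssl verify -CAfile root.pem -untrusted intermediate.pem leaf.pem` rejects the same chain and serves as a second reference point.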


Remediation

Install the security update from the vendor's website.

External links