CVE-2026-11310

Source
https://cve.org/CVERecord?id=CVE-2026-11310
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-11310.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-11310
Downstream
Published
2026-06-25T19:38:19.099Z
Modified
2026-07-16T03:48:15.173220750Z
Severity
  • 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
X.509 trust-chain bypass in wolfSSL_X509_verify_cert() via untrusted intermediate anchoring
Details

X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier (wolfSSLX509verifycert()). This affects only builds with --enable-opensslextra (OPENSSLEXTRA) and whose application validates certificates by calling X509verifycert() with caller-supplied untrusted intermediate certificates; for those users it is critical, otherwise the library is unaffected. In particular, native wolfSSL TLS/DTLS usage is not impacted. wolfSSL's X509verifycert() temporarily loads each caller-supplied untrusted intermediate into the certificate manager but failed to drop them before the trusted-store check, so an untrusted intermediate could anchor the path itself. An attacker can present a chain that never reaches a configured trust anchor and have it accepted, resulting in acceptance of an attacker-controlled certificate. This is certificate verification independent of TLS (e.g. S/MIME/CMS, code/firmware signing, JWT/JWS x5c), is not specific to any key type or algorithm, and a single untrusted intermediate suffices. The default wolfSSL TLS handshake (WOLFSSLVERIFYPEER) is not affected; only TLS applications doing manual or deferred peer verification through this API are, which also requires --enable-sessioncerts.

Database specific
{
    "cwe_ids": [
        "CWE-295"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/11xxx/CVE-2026-11310.json",
    "cna_assigner": "wolfSSL"
}
References

Affected packages

Git / github.com/wolfssl/wolfssl

Affected ranges

Type
GIT
Repo
https://github.com/wolfssl/wolfssl
Events
Database specific
{
    "cpe": "cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "5.8.4"
        },
        {
            "last_affected": "5.9.1"
        },
        {
            "fixed": "5.9.2"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ]
}

Affected versions

v5.*
v5.8.4-stable
v5.9.0-stable
v5.9.1-stable
Other
wolfEntropy2d

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-11310.json"