CVE-2026-5501

Source
https://cve.org/CVERecord?id=CVE-2026-5501
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-5501.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-5501
Downstream
Published
2026-04-10T03:07:39.604Z
Modified
2026-07-16T03:48:42.266618826Z
Severity
  • 8.6 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
Improper Certificate Signature Verification in X.509 Chain Validation Allows Forged Leaf Certificates
Details

wolfSSLX509verify_cert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an untrusted intermediate with Basic Constraints CA:FALSE that is legitimately signed by a trusted root. An attacker who obtains any leaf certificate from a trusted CA (e.g. a free DV cert from Let's Encrypt) can forge a certificate for any subject name with any public key and arbitrary signature bytes, and the function returns WOLFSSL_SUCCESS / X509_V_OK. The native wolfSSL TLS handshake path (ProcessPeerCerts) is not susceptible and the issue is limited to applications using the OpenSSL compatibility API directly, which would include integrations of wolfSSL into nginx and haproxy.

Database specific
{
    "cwe_ids": [
        "CWE-295"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/5xxx/CVE-2026-5501.json",
    "cna_assigner": "wolfSSL"
}
References

Affected packages

Git / github.com/wolfssl/wolfssl

Affected ranges

Type
GIT
Repo
https://github.com/wolfssl/wolfssl
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "cpe": "cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.9.0"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ]
}

Affected versions

Other
WCv4-rng-stable
l
list
wolfEntropy1
wolfEntropy2d
WCv5.*
WCv5.0-RC10
WCv5.0-RC11
WCv5.0-RC12
WCv5.0-RC9
v0.*
v0.5
v1.*
v1.8.8.0
v1.9.0
v2.*
v2.0.2
v2.0.3
v2.0.6
v2.0.8
v2.0rc1
v2.0rc2
v2.0rc2b
v2.0rc3
v2.4.2
v2.4.6
v2.4.7
v2.6.0
v2.6.2
v2.7.0
v2.7.2
v2.8.0
v2.8.2
v2.8.3
v2.8.4
v2.8.5
v2.8.5a
v2.8.6
v2.9.0
v2.9.1
v2.9.2
v2.9.4
v3.*
v3.10.0-stable
v3.10.0a
v3.10.2-stable
v3.10.3
v3.11.0-stable
v3.11.1-tls13-beta
v3.12.0-stable
v3.12.2-stable
v3.13.0-stable
v3.13.2
v3.13.3
v3.14.0-stable
v3.14.0a
v3.14.0b
v3.14.2
v3.14.4
v3.15.0-stable
v3.15.3-stable
v3.15.5-stable
v3.15.5a
v3.15.6
v3.15.7-stable
v3.2.0
v3.2.4
v3.2.6
v3.3.0
v3.3.3
v3.4.0
v3.4.2
v3.4.6
v3.6.8
v3.6.9
v3.7.0
v3.7.1
v3.7.3
v3.8.0
v3.9.0
v3.9.1
v3.9.10-stable
v3.9.10b
v3.9.6
v3.9.6w
v3.9.8
v4.*
v4.0.0-stable
v4.1.0-stable
v4.2.0-stable
v4.2.0c
v4.3.0-stable
v4.4.0-stable
v4.5.0-stable
v4.6.0-stable
v4.7.0-stable
v4.7.1r
v4.8.0-stable
v5.*
v5.0.0-stable
v5.1.0-stable
v5.2.0-stable
v5.2.1
v5.3.0-stable
v5.4.0-stable
v5.5.0-stable
v5.5.1-stable
v5.5.2-stable
v5.5.3-stable
v5.5.4-stable
v5.6.0-stable
v5.6.2-stable
v5.6.3-stable
v5.6.4-stable
v5.6.6-stable
v5.7.0-stable
v5.7.2-stable
v5.7.4-stable
v5.7.6-stable
v5.8.0-stable
v5.8.2-stable
v5.8.4-stable
v5.9.0-stable

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-5501.json"