GHSA-vj87-jj27-4h9c
Suggest an improvement- Source
- https://github.com/advisories/GHSA-vj87-jj27-4h9c
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-vj87-jj27-4h9c/GHSA-vj87-jj27-4h9c.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-vj87-jj27-4h9c
- Aliases
- Published
- 2026-01-08T00:31:15Z
- Modified
- 2026-02-03T03:03:39.476813Z
- Severity
-
- 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- wolfSSL Python module vulnerable to Improper Authentication
- Details
-
A vulnerability in the handling of verifymode = CERTREQUIRED in the wolfssl Python package (wolfssl-py) causes client certificate requirements to not be fully enforced.
Because the WOLFSSLVERIFYFAILIFNOPEERCERT flag was not included, the behavior effectively matched CERT_OPTIONAL: a peer certificate was verified if presented, but connections were incorrectly authenticated when no client certificate was provided.
This results in improper authentication, allowing attackers to bypass mutual TLS (mTLS) client authentication by omitting a client certificate during the TLS handshake.
The issue affects versions up to and including 5.8.2.
- Database specific
{ "nvd_published_at": "2026-01-08T00:15:59Z", "severity": "CRITICAL", "github_reviewed": true, "cwe_ids": [ "CWE-287" ], "github_reviewed_at": "2026-01-08T20:57:58Z" }- References
Affected packages
PyPI / wolfssl
Package
- Name
- wolfssl
- View open source insights on deps.dev
- Purl
- pkg:pypi/wolfssl
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.8.4.post0