PYSEC-2026-575

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/wolfssl/PYSEC-2026-575.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-575
Aliases
Published
2026-06-29T11:50:51.846296Z
Modified
2026-07-01T20:23:12.060789Z
Severity
  • 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
wolfSSL Python module vulnerable to Improper Authentication
Details

A vulnerability in the handling of verifymode = CERTREQUIRED in the wolfssl Python package (wolfssl-py) causes client certificate requirements to not be fully enforced. 

Because the WOLFSSLVERIFYFAILIFNOPEERCERT flag was not included, the behavior effectively matched CERT_OPTIONAL: a peer certificate was verified if presented, but connections were incorrectly authenticated when no client certificate was provided. 

This results in improper authentication, allowing attackers to bypass mutual TLS (mTLS) client authentication by omitting a client certificate during the TLS handshake. 

The issue affects versions up to and including 5.8.2.

References

Affected packages

PyPI / wolfssl

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.8.4.post0

Affected versions

0.*
0.1.0
0.1.1
0.1.2
3.*
3.12.2.post0
3.13.0.post0
3.13.0.post1
3.14.0.post1
4.*
4.1.0.post0
5.*
5.3.0.post0
5.4.0.post0
5.5.3.post0
5.5.4.post0
5.6.0.post0
5.6.6.post0
5.7.2.post0
5.7.4.post0
5.8.2.post0

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/wolfssl/PYSEC-2026-575.yaml"