Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-11999

Summary
Assigner-wolfSSL
Assigner Org ID-50d2cd11-d01a-48ed-9441-5bfce9d63b27
Published At-25 Jun, 2026 | 16:56
Updated At-25 Jun, 2026 | 17:56
Rejected At-
Credits

X.509 trust-chain bypass via path-depth exhaustion in wolfSSL_X509_verify_cert()

X.509 trust-chain bypass (path-depth exhaustion) in the OpenSSL compatibility certificate verifier (wolfSSL_X509_verify_cert()). This affects only builds with --enable-opensslextra whose application calls X509_verify_cert() with caller-supplied untrusted intermediates; for those users it is critical, otherwise the library is unaffected. Native wolfSSL TLS/DTLS usage is not impacted. X509_verify_cert() returned success based only on the last verified link rather than on reaching a trust anchor: when the supplied chain is deeper than the verifier's maximum path depth (default 100), path building runs out of depth while still walking untrusted intermediates and the chain is accepted even though it never reaches a configured trust anchor, allowing acceptance of an attacker-controlled certificate. The default TLS handshake (WOLFSSL_VERIFY_PEER) is not affected; only applications doing manual or deferred verification through this API are.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:wolfSSL
Assigner Org ID:50d2cd11-d01a-48ed-9441-5bfce9d63b27
Published At:25 Jun, 2026 | 16:56
Updated At:25 Jun, 2026 | 17:56
Rejected At:
â–¼CVE Numbering Authority (CNA)
X.509 trust-chain bypass via path-depth exhaustion in wolfSSL_X509_verify_cert()

X.509 trust-chain bypass (path-depth exhaustion) in the OpenSSL compatibility certificate verifier (wolfSSL_X509_verify_cert()). This affects only builds with --enable-opensslextra whose application calls X509_verify_cert() with caller-supplied untrusted intermediates; for those users it is critical, otherwise the library is unaffected. Native wolfSSL TLS/DTLS usage is not impacted. X509_verify_cert() returned success based only on the last verified link rather than on reaching a trust anchor: when the supplied chain is deeper than the verifier's maximum path depth (default 100), path building runs out of depth while still walking untrusted intermediates and the chain is accepted even though it never reaches a configured trust anchor, allowing acceptance of an attacker-controlled certificate. The default TLS handshake (WOLFSSL_VERIFY_PEER) is not affected; only applications doing manual or deferred verification through this API are.

Affected Products
Vendor
wolfSSL
Product
wolfSSL
Collection URL
https://github.com/wolfSSL/wolfssl
Default Status
unaffected
Versions
Affected
  • From 5.7.4 through 5.9.1 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-295CWE-295 Improper Certificate Validation
Type: CWE
CWE ID: CWE-295
Description: CWE-295 Improper Certificate Validation
Metrics
VersionBase scoreBase severityVector
4.08.2HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Version: 4.0
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Corban Villa, Sohee Kim and Austin Chu (UC Berkeley, Sky Lab)
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/wolfSSL/wolfssl/pull/10674
patch
https://www.wolfssl.com/docs/security-vulnerabilities/
N/A
Hyperlink: https://github.com/wolfSSL/wolfssl/pull/10674
Resource:
patch
Hyperlink: https://www.wolfssl.com/docs/security-vulnerabilities/
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:facts@wolfssl.com
Published At:25 Jun, 2026 | 18:16
Updated At:26 Jun, 2026 | 16:50

X.509 trust-chain bypass (path-depth exhaustion) in the OpenSSL compatibility certificate verifier (wolfSSL_X509_verify_cert()). This affects only builds with --enable-opensslextra whose application calls X509_verify_cert() with caller-supplied untrusted intermediates; for those users it is critical, otherwise the library is unaffected. Native wolfSSL TLS/DTLS usage is not impacted. X509_verify_cert() returned success based only on the last verified link rather than on reaching a trust anchor: when the supplied chain is deeper than the verifier's maximum path depth (default 100), path building runs out of depth while still walking untrusted intermediates and the chain is accepted even though it never reaches a configured trust anchor, allowing acceptance of an attacker-controlled certificate. The default TLS handshake (WOLFSSL_VERIFY_PEER) is not affected; only applications doing manual or deferred verification through this API are.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.2HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
N/A
Type: Secondary
Version: 4.0
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

wolfssl
wolfssl
>>wolfssl>>Versions from 5.7.4(inclusive) to 5.9.2(exclusive)
cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-295Secondaryfacts@wolfssl.com
CWE ID: CWE-295
Type: Secondary
Source: facts@wolfssl.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/wolfSSL/wolfssl/pull/10674facts@wolfssl.com
Issue Tracking
Patch
https://www.wolfssl.com/docs/security-vulnerabilities/facts@wolfssl.com
Vendor Advisory
Hyperlink: https://github.com/wolfSSL/wolfssl/pull/10674
Source: facts@wolfssl.com
Resource:
Issue Tracking
Patch
Hyperlink: https://www.wolfssl.com/docs/security-vulnerabilities/
Source: facts@wolfssl.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

102Records found

CVE-2014-2902
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.81% / 52.48%
||
7 Day CHG~0.00%
Published-21 Nov, 2019 | 22:05
Updated-06 Aug, 2024 | 10:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

wolfssl before 3.2.0 does not properly authorize CA certificate for signing other certificates.

Action-Not Available
Vendor-wolfssln/a
Product-wolfssln/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-7532
Matching Score-10
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-10
Assigner-wolfSSL Inc.
CVSS Score-5.7||MEDIUM
EPSS-0.15% / 5.00%
||
7 Day CHG+0.06%
Published-25 Jun, 2026 | 21:31
Updated-01 Jul, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
iPAddress name constraints not enforced when WOLFSSL_IP_ALT_NAME is undefined

iPAddress name constraints bypass when WOLFSSL_IP_ALT_NAME is not defined. IP address name constraints are not enforced in that configuration, allowing a certificate to bypass an issuing CA's IP address constraints.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-6731
Matching Score-10
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-10
Assigner-wolfSSL Inc.
CVSS Score-6||MEDIUM
EPSS-0.12% / 2.49%
||
7 Day CHG-0.03%
Published-25 Jun, 2026 | 20:08
Updated-27 Jun, 2026 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
X.509 name constraint bypass via Subject CN treated as a DNS name

X.509 name constraint bypass via the Subject Common Name when treated as a DNS-type name. A certificate whose Subject CN violates an issuing CA's DNS name constraints could be accepted.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-55960
Matching Score-10
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-10
Assigner-wolfSSL Inc.
CVSS Score-8.2||HIGH
EPSS-0.14% / 4.11%
||
7 Day CHG-0.05%
Published-25 Jun, 2026 | 19:31
Updated-26 Jun, 2026 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Un-negotiated Raw Public Key (RFC 7250) accepted in place of X.509, bypassing chain validation

Un-negotiated Raw Public Key (RFC 7250) accepted in place of an X.509 certificate, bypassing chain validation. A raw public key has no chain, so ParseCertRelative() accepts it without performing any trust verification; it must therefore only be accepted when RPK was actually negotiated for that peer. The check now defaults the expected type to X.509 (per RFC 7250/8446) when no type was negotiated, comparing against the received server certificate type on the client and the selected client certificate type on the server, and rejects any mismatch, including an un-negotiated raw public key, with UNSUPPORTED_CERTIFICATE. Only affects builds with Raw Public Key support (HAVE_RPK) enabled - disabled by default in a standalone build, but included in --enable-all.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-295
Improper Certificate Validation
CVE-2014-2901
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.61% / 44.92%
||
7 Day CHG~0.00%
Published-21 Nov, 2019 | 22:02
Updated-06 Aug, 2024 | 10:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

wolfssl before 3.2.0 does not properly issue certificates for a server's hostname.

Action-Not Available
Vendor-wolfssln/a
Product-wolfssln/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2022-25640
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.33% / 67.64%
||
7 Day CHG~0.00%
Published-24 Feb, 2022 | 01:07
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. A client can simply omit the certificate_verify message from the handshake, and never present a certificate.

Action-Not Available
Vendor-wolfssln/a
Product-wolfssln/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-11310
Matching Score-10
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-10
Assigner-wolfSSL Inc.
CVSS Score-8.7||HIGH
EPSS-0.14% / 4.11%
||
7 Day CHG-0.05%
Published-25 Jun, 2026 | 19:38
Updated-26 Jun, 2026 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
X.509 trust-chain bypass in wolfSSL_X509_verify_cert() via untrusted intermediate anchoring

X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier (wolfSSL_X509_verify_cert()). This affects only builds with --enable-opensslextra (OPENSSL_EXTRA) and whose application validates certificates by calling X509_verify_cert() with caller-supplied untrusted intermediate certificates; for those users it is critical, otherwise the library is unaffected. In particular, native wolfSSL TLS/DTLS usage is not impacted. wolfSSL's X509_verify_cert() temporarily loads each caller-supplied untrusted intermediate into the certificate manager but failed to drop them before the trusted-store check, so an untrusted intermediate could anchor the path itself. An attacker can present a chain that never reaches a configured trust anchor and have it accepted, resulting in acceptance of an attacker-controlled certificate. This is certificate verification independent of TLS (e.g. S/MIME/CMS, code/firmware signing, JWT/JWS x5c), is not specific to any key type or algorithm, and a single untrusted intermediate suffices. The default wolfSSL TLS handshake (WOLFSSL_VERIFY_PEER) is not affected; only TLS applications doing manual or deferred peer verification through this API are, which also requires --enable-sessioncerts.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-7511
Matching Score-8
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-8
Assigner-wolfSSL Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.17% / 6.74%
||
7 Day CHG+0.06%
Published-25 Jun, 2026 | 21:32
Updated-27 Jun, 2026 | 19:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PKCS7_verify signer confusion allows forged signatures to be accepted

PKCS7_verify signer confusion allows forged signatures, where the signer associated with a signature is not correctly bound, permitting a forged signature to be accepted.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2014-2904
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.88% / 54.64%
||
7 Day CHG~0.00%
Published-21 Nov, 2019 | 22:08
Updated-06 Aug, 2024 | 10:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

wolfssl before 3.2.0 has a server certificate that is not properly authorized for server authentication.

Action-Not Available
Vendor-wolfssln/a
Product-wolfssln/a
CWE ID-CWE-287
Improper Authentication
CVE-2026-6325
Matching Score-8
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-8
Assigner-wolfSSL Inc.
CVSS Score-2||LOW
EPSS-0.18% / 7.20%
||
7 Day CHG+0.06%
Published-25 Jun, 2026 | 21:04
Updated-27 Jun, 2026 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds write in SetSuitesHashSigAlgo on oversized signature algorithms list

Out-of-bounds write in SetSuitesHashSigAlgo when processing an oversized signature algorithms list, allowing a write past the bounds of the destination buffer.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-6331
Matching Score-8
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-8
Assigner-wolfSSL Inc.
CVSS Score-2.1||LOW
EPSS-0.15% / 4.36%
||
7 Day CHG+0.05%
Published-25 Jun, 2026 | 20:56
Updated-27 Jun, 2026 | 19:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HMAC zero-length tag forgery in EVP_DigestVerifyFinal

HMAC zero-length tag forgery in EVP_DigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility HMAC verify path the supplied signature length was only checked as not exceeding the MAC length, so a zero-length or otherwise truncated tag could pass verification. The fix requires the supplied tag length to exactly equal the MAC length and rejects a zero-length MAC, so a forged short or empty tag is no longer accepted.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-8720
Matching Score-8
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-8
Assigner-wolfSSL Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 1.57%
||
7 Day CHG+0.02%
Published-25 Jun, 2026 | 21:18
Updated-27 Jun, 2026 | 19:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HMAC-BLAKE2 final discards message when key length exceeds block size

wc_Blake2bHmacFinal and wc_Blake2sHmacFinal discard the message when the key length exceeds the block size, producing a MAC that is independent of the input. When the supplied key is longer than the BLAKE2 block size the key-hashing branch reinitialized the running hash state, discarding the accumulated message data, so the resulting MAC depended only on the key and not on the message being authenticated. This bug is specific to the HMAC-BLAKE2 APIs that were added in wolfSSL version 5.9.0.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-354
Improper Validation of Integrity Check Value
CVE-2026-5447
Matching Score-8
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-8
Assigner-wolfSSL Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.22% / 12.75%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 20:13
Updated-29 Apr, 2026 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap buffer overflow in CertFromX509() via AuthorityKeyIdentifier

Heap buffer overflow in CertFromX509 via AuthorityKeyIdentifier size confusion. A heap buffer overflow occurs when converting an X.509 certificate internally due to incorrect size handling of the AuthorityKeyIdentifier extension.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-5477
Matching Score-8
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-8
Assigner-wolfSSL Inc.
CVSS Score-8.2||HIGH
EPSS-0.42% / 33.76%
||
7 Day CHG~0.00%
Published-10 Apr, 2026 | 05:06
Updated-27 Apr, 2026 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prefix-substitution forgery via integer overflow in wolfCrypt CMAC

An integer overflow existed in the wolfCrypt CMAC implementation, that could be exploited to forge CMAC tags. The function wc_CmacUpdate used the guard `if (cmac->totalSz != 0)` to skip XOR-chaining on the first block (where digest is all-zeros and the XOR is a no-op). However, totalSz is word32 and wraps to zero after 2^28 block flushes (4 GiB), causing the guard to erroneously discard the live CBC-MAC chain state. Any two messages sharing a common suffix beyond the 4 GiB mark then produce identical CMAC tags, enabling a zero-work prefix-substitution forgery. The fix removes the guard, making the XOR unconditional; the no-op property on the first block is preserved because digest is zero-initialized by wc_InitCmac_ex.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-55961
Matching Score-8
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-8
Assigner-wolfSSL Inc.
CVSS Score-8.2||HIGH
EPSS-0.10% / 0.84%
||
7 Day CHG-0.03%
Published-25 Jun, 2026 | 16:51
Updated-26 Jun, 2026 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
wolfSSL_PKCS7_verify() reports success for degenerate (certs-only) PKCS#7 with no signer

wolfSSL_PKCS7_verify() returning success for a degenerate (certs-only) PKCS#7 object that contains no signer. Such an object has empty signerInfos, so the underlying signed-data verification succeeds without authenticating any content. The compatibility-layer verify path now rejects the object when no signer signature has actually been verified, so a PKCS#7 carrying no valid signature is no longer reported as verified. This is enforced regardless of the PKCS7_NOVERIFY flag, which only suppresses signer certificate chain validation and was never intended to waive the requirement that a signature exist. Only affects OpenSSL compatibility builds that call the PKCS7_verify() compatibility API on potentially degenerate PKCS#7 bundles.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-2645
Matching Score-8
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-8
Assigner-wolfSSL Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 2.59%
||
7 Day CHG~0.00%
Published-19 Mar, 2026 | 17:10
Updated-29 Apr, 2026 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Acceptance of CertificateVerify Message before ClientKeyExchange in TLS 1.2

In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementation. The server could incorrectly accept the CertificateVerify message before the ClientKeyExchange message had been received. This issue affects wolfSSL before 5.8.4 (wolfSSL 5.8.2 and earlier is vulnerable, 5.8.4 is not vulnerable). In 5.8.4 wolfSSL would detect the issue later in the handshake. 5.9.0 was further hardened to catch the issue earlier in the handshake.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-358
Improperly Implemented Security Check for Standard
CVE-2026-11703
Matching Score-8
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-8
Assigner-wolfSSL Inc.
CVSS Score-6||MEDIUM
EPSS-0.21% / 11.28%
||
7 Day CHG-0.06%
Published-25 Jun, 2026 | 21:15
Updated-27 Jun, 2026 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing SNI/ALPN binding on stateful (session-ID) TLS session resumption

Missing SNI/ALPN binding on stateful (session-ID) resumption, which previously skipped the binding check performed for ticket-based resumption. A cached session could be resumed under a different SNI/ALPN than originally negotiated and, where client-authentication policy differs across virtual hosts, carry the cached peer-authentication state into a context it was not established for. Resumption now verifies the SNI/ALPN binding for all paths and declines (falling back to a full handshake) on mismatch.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-287
Improper Authentication
CVE-2026-5501
Matching Score-6
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-6
Assigner-wolfSSL Inc.
CVSS Score-8.6||HIGH
EPSS-0.18% / 8.17%
||
7 Day CHG~0.00%
Published-10 Apr, 2026 | 03:07
Updated-27 Apr, 2026 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Certificate Signature Verification in X.509 Chain Validation Allows Forged Leaf Certificates

wolfSSL_X509_verify_cert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an untrusted intermediate with Basic Constraints `CA:FALSE` that is legitimately signed by a trusted root. An attacker who obtains any leaf certificate from a trusted CA (e.g. a free DV cert from Let's Encrypt) can forge a certificate for any subject name with any public key and arbitrary signature bytes, and the function returns `WOLFSSL_SUCCESS` / `X509_V_OK`. The native wolfSSL TLS handshake path (`ProcessPeerCerts`) is not susceptible and the issue is limited to applications using the OpenSSL compatibility API directly, which would include integrations of wolfSSL into nginx and haproxy.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-5263
Matching Score-6
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-6
Assigner-wolfSSL Inc.
CVSS Score-7||HIGH
EPSS-0.17% / 6.07%
||
7 Day CHG+0.01%
Published-09 Apr, 2026 | 21:15
Updated-02 Jul, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
URI nameConstraints not enforced in ConfirmNameConstraints()

URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A compromised or malicious sub-CA could issue leaf certificates with URI SAN entries that violate the nameConstraints of the issuing CA, and wolfSSL would accept them as valid.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-6091
Matching Score-6
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-6
Assigner-wolfSSL Inc.
CVSS Score-6||MEDIUM
EPSS-0.12% / 2.23%
||
7 Day CHG-0.04%
Published-25 Jun, 2026 | 16:46
Updated-26 Jun, 2026 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Partial-chain verification accepts untrusted intermediate as trust anchor

Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untrusted intermediate certificate rather than a trusted anchor. An attacker could present a chain that ends at an intermediate they control and have it accepted as valid. This affects the OpenSSL compatibility certificate-path-building path (wolfSSL_X509_verify_cert / X509_STORE, OPENSSL_EXTRA) when the X509_V_FLAG_PARTIAL_CHAIN verify flag is enabled.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-6450
Matching Score-6
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-6
Assigner-wolfSSL Inc.
CVSS Score-1||LOW
EPSS-0.18% / 7.67%
||
7 Day CHG+0.04%
Published-25 Jun, 2026 | 20:18
Updated-27 Jun, 2026 | 18:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CRL critical extension bypass in ParseCRL_Extensions

A CRL critical extension bypass exists in ParseCRL_Extensions where critical extensions are not properly enforced, allowing a crafted CRL with an unhandled critical extension to be accepted. This only affects builds with CRL support enabled and where a crafted CRL had a trusted signature when parsed.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-55964
Matching Score-6
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-6
Assigner-wolfSSL Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.12% / 1.99%
||
7 Day CHG-0.05%
Published-25 Jun, 2026 | 19:30
Updated-26 Jun, 2026 | 18:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA (temporary CA exemption)

Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have the keyCertSign key usage when a Key Usage extension is present, but chain-supplied temporary CAs (WOLFSSL_TEMP_CA) added while building a certificate path were previously exempted from this check, so an intermediate asserting CA:TRUE but lacking keyCertSign was accepted as a signing CA. The check now applies to chain-supplied temporary CAs as well; only operator-loaded root certificates (WOLFSSL_USER_CA) and self-signed roots remain exempt. Per RFC 5280 an absent Key Usage extension implies all usages, so the requirement is enforced only when the extension is actually present (extKeyUsageSet). Affects the OpenSSL-compatibility certificate-path-building path (X509_verify_cert / X509_STORE, OPENSSL_EXTRA/OPENSSL_ALL), where untrusted chain intermediates are added as temporary CAs; native (non-OpenSSL-compat) certificate verification does not create temporary CAs and is unaffected. Within those builds, the check applies unless ALLOW_INVALID_CERTSIGN is defined.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-295
Improper Certificate Validation
CVE-2025-7395
Matching Score-6
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-6
Assigner-wolfSSL Inc.
CVSS Score-9.2||CRITICAL
EPSS-0.22% / 12.75%
||
7 Day CHG~0.00%
Published-18 Jul, 2025 | 22:15
Updated-22 Jul, 2025 | 13:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Domain Name Validation Bypass with Apple Native Certificate Validation

A certificate verification error in wolfSSL when building with the WOLFSSL_SYS_CA_CERTS and WOLFSSL_APPLE_NATIVE_CERT_VALIDATION options results in the wolfSSL client failing to properly verify the server certificate's domain name, allowing any certificate issued by a trusted CA to be accepted regardless of the hostname.

Action-Not Available
Vendor-wolfSSL
Product-wolfSSL
CWE ID-CWE-295
Improper Certificate Validation
CVE-2023-3724
Matching Score-6
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-6
Assigner-wolfSSL Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.54% / 41.47%
||
7 Day CHG~0.00%
Published-17 Jul, 2023 | 21:13
Updated-29 Oct, 2024 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TLS 1.3 client issue handling malicious server when not including a KSE and PSK extension

If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM (Input Keying Material) value when generating the session master secret. Using a potentially known IKM value when generating the session master secret key compromises the key generated, allowing an eavesdropper to reconstruct it and potentially allowing access to or meddling with message contents in the session. This issue does not affect client validation of connected servers, nor expose private key information, but could result in an insecure TLS 1.3 session when not controlling both sides of the connection. wolfSSL recommends that TLS 1.3 client side users update the version of wolfSSL used. 

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-295
Improper Certificate Validation
CVE-2020-24613
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.86% / 54.05%
||
7 Day CHG~0.00%
Published-24 Aug, 2020 | 21:06
Updated-04 Aug, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAIT_CERT_CR state, within SanityCheckTls13MsgReceived() in tls13.c. This is an incorrect implementation of the TLS 1.3 client state machine. This allows attackers in a privileged network position to completely impersonate any TLS 1.3 servers, and read or modify potentially sensitive information between clients using the wolfSSL library and these TLS servers.

Action-Not Available
Vendor-wolfssln/a
Product-wolfssln/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-2800
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-8.1||HIGH
EPSS-8.53% / 94.39%
||
7 Day CHG~0.00%
Published-24 May, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL through 3.10.2 resulting in potential certificate validation vulnerabilities, denial of service and possible remote code execution. In order to trigger this vulnerability, the attacker needs to supply a malicious x509 certificate to either a server or a client application using this library.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-295
Improper Certificate Validation
CVE-2022-25638
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.62% / 45.27%
||
7 Day CHG~0.00%
Published-24 Feb, 2022 | 01:06
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sig_algo field differs between the certificate_verify message and the certificate message.

Action-Not Available
Vendor-wolfssln/a
Product-wolfssln/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-5194
Matching Score-6
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-6
Assigner-wolfSSL Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.47% / 37.20%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 19:30
Updated-23 May, 2026 | 22:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
wolfSSL ECDSA Certificate Verification

Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature verification functions. This could lead to reduced security of ECDSA certificate-based authentication if the public CA key used is also known. This affects ECDSA/ECC verification when EdDSA or ML-DSA is also enabled.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-10098
Matching Score-6
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-6
Assigner-wolfSSL Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.12% / 2.19%
||
7 Day CHG-0.06%
Published-25 Jun, 2026 | 21:16
Updated-27 Jun, 2026 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OCSP CertID serial-number length-confusion in wolfSSL_OCSP_resp_find_status

OCSP CertID serial-number length-confusion in wolfSSL_OCSP_resp_find_status allows a same-issuer SingleResponse whose serial is a prefix of the target serial to be reported as the revocation status of a different certificate. The lookup compared serial-number bytes without first requiring the two serial numbers to be of equal length, so a SingleResponse for one certificate (same issuer) whose serial is a prefix of the target's serial would match, returning the wrong certificate's status. The fix requires the serial lengths to be equal before comparing the serial bytes.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-10592
Matching Score-6
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-6
Assigner-wolfSSL Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.12% / 2.47%
||
7 Day CHG-0.05%
Published-25 Jun, 2026 | 19:40
Updated-26 Jun, 2026 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wildcard DNS SAN bypasses CA name-constraint checks

Certificates with wildcard DNS SANs (e.g. *.example.com) bypassed CA name-constraint checks. A certificate with a wildcard DNS SAN that should be rejected by the issuing CA's permitted/excluded DNS name constraints could be accepted.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-295
Improper Certificate Validation
CVE-2021-3336
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.79% / 51.86%
||
7 Day CHG~0.00%
Published-29 Jan, 2021 | 04:58
Updated-03 Aug, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate). The client side is affected because man-in-the-middle attackers can impersonate TLS 1.3 servers.

Action-Not Available
Vendor-wolfssln/a
Product-wolfssln/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2021-29653
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.55% / 42.08%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 16:41
Updated-03 Aug, 2024 | 22:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in 1.5.8, 1.6.4, and 1.7.1.

Action-Not Available
Vendor-n/aHashiCorp, Inc.
Product-vaultn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2021-29495
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.49% / 38.62%
||
7 Day CHG~0.00%
Published-07 May, 2021 | 15:15
Updated-03 Aug, 2024 | 22:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nim stdlib httpClient does not validate peer certificates by default

Nim is a statically typed compiled systems programming language. In Nim standard library before 1.4.2, httpClient SSL/TLS certificate verification was disabled by default. Users can upgrade to version 1.4.2 to receive a patch or, as a workaround, set "verifyMode = CVerifyPeer" as documented.

Action-Not Available
Vendor-nim-langnim-lang
Product-nimsecurity
CWE ID-CWE-295
Improper Certificate Validation
CVE-2021-27400
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.57% / 42.91%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 16:48
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1

Action-Not Available
Vendor-n/aHashiCorp, Inc.
Product-vaultn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2019-19270
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.01% / 58.99%
||
7 Day CHG~0.00%
Published-26 Nov, 2019 | 03:34
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject and once for issuer) prevents some valid CRLs from being taken into account, and can allow clients whose certificates have been revoked to proceed with a connection to the server.

Action-Not Available
Vendor-proftpdn/aFedora Project
Product-fedoraproftpdn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2023-1514
Matching Score-4
Assigner-Hitachi Energy
ShareView Details
Matching Score-4
Assigner-Hitachi Energy
CVSS Score-7.4||HIGH
EPSS-0.32% / 23.43%
||
7 Day CHG~0.00%
Published-19 Dec, 2023 | 14:22
Updated-02 Aug, 2024 | 05:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability exists in the component RTU500 Scripting interface. When a client connects to a server using TLS, the server presents a certificate. This certificate links a public key to the identity of the service and is signed by a Certification Authority (CA), allowing the client to validate that the remote service can be trusted and is not malicious. If the client does not validate the parameters of the certificate, then attackers could be able to spoof the identity of the service. An attacker could exploit the vulnerability by using faking the identity of a RTU500 device and intercepting the messages initiated via the RTU500 Scripting interface.

Action-Not Available
Vendor-Hitachi Energy Ltd.
Product-rtu500_scripting_interfaceRTU500 Scripting Interface
CWE ID-CWE-295
Improper Certificate Validation
CVE-2023-1409
Matching Score-4
Assigner-MongoDB, Inc.
ShareView Details
Matching Score-4
Assigner-MongoDB, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.37% / 28.71%
||
7 Day CHG~0.00%
Published-23 Aug, 2023 | 15:21
Updated-13 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Certificate validation issue in MongoDB Server running on Windows or macOS

If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that are already known to work securely in other platforms (e.g. Linux), it is possible that client certificate validation may not be in effect, potentially allowing client to establish a TLS connection with the server that supplies any certificate. This issue affect all MongoDB Server v6.3 versions, MongoDB Server v5.0 versions v5.0.0 to v5.0.14 and all MongoDB Server v4.4 versions.

Action-Not Available
Vendor-Microsoft CorporationMongoDB, Inc.Apple Inc.
Product-windowsmongodbmacosMongoDB Server
CWE ID-CWE-295
Improper Certificate Validation
CVE-2021-25633
Matching Score-4
Assigner-Document Foundation, The
ShareView Details
Matching Score-4
Assigner-Document Foundation, The
CVSS Score-7.5||HIGH
EPSS-0.71% / 48.99%
||
7 Day CHG~0.00%
Published-11 Oct, 2021 | 16:43
Updated-16 Sep, 2024 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Content Manipulation with Double Certificate Attack

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to combine multiple certificate data, which when opened caused LibreOffice to display a validly signed indicator but whose content was unrelated to the signature shown. This issue affects: The Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2.

Action-Not Available
Vendor-libreofficeThe Document FoundationDebian GNU/Linux
Product-debian_linuxlibreofficeLibreOffice
CWE ID-CWE-295
Improper Certificate Validation
CVE-2019-19271
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.12% / 62.23%
||
7 Day CHG~0.00%
Published-26 Nov, 2019 | 03:33
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries (installed by a system administrator), can cause some CRL entries to be ignored, and can allow clients whose certificates have been revoked to proceed with a connection to the server.

Action-Not Available
Vendor-proftpdn/a
Product-proftpdn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2021-25634
Matching Score-4
Assigner-Document Foundation, The
ShareView Details
Matching Score-4
Assigner-Document Foundation, The
CVSS Score-7.5||HIGH
EPSS-0.69% / 48.09%
||
7 Day CHG~0.00%
Published-12 Oct, 2021 | 13:33
Updated-17 Sep, 2024 | 00:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Timestamp Manipulation with Signature Wrapping

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to modify a digitally signed ODF document to insert an additional signing time timestamp which LibreOffice would incorrectly present as a valid signature signed at the bogus signing time. This issue affects: The Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2.

Action-Not Available
Vendor-libreofficeThe Document FoundationDebian GNU/Linux
Product-debian_linuxlibreofficeLibreOffice
CWE ID-CWE-295
Improper Certificate Validation
CVE-2021-25636
Matching Score-4
Assigner-Document Foundation, The
ShareView Details
Matching Score-4
Assigner-Document Foundation, The
CVSS Score-7.5||HIGH
EPSS-0.97% / 57.38%
||
7 Day CHG~0.00%
Published-22 Feb, 2022 | 00:00
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect trust validation of signature with ambiguous KeyInfo children

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to contain both "X509Data" and "KeyValue" children of the "KeyInfo" tag, which when opened caused LibreOffice to verify using the "KeyValue" but to report verification with the unrelated "X509Data" value. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.5.

Action-Not Available
Vendor-libreofficeThe Document FoundationFedora Project
Product-fedoralibreofficeLibreOffice
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-295
Improper Certificate Validation
CVE-2022-31083
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.80% / 52.26%
||
7 Day CHG~0.00%
Published-17 Jun, 2022 | 18:15
Updated-23 Apr, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authentication bypass in Parse Server Apple Game Center auth adapter

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 4.10.11 and 5.2.2, the certificate in the Parse Server Apple Game Center auth adapter not validated. As a result, authentication could potentially be bypassed by making a fake certificate accessible via certain Apple domains and providing the URL to that certificate in an authData object. Versions 4.0.11 and 5.2.2 prevent this by introducing a new `rootCertificateUrl` property to the Parse Server Apple Game Center auth adapter which takes the URL to the root certificate of Apple's Game Center authentication certificate. If no value is set, the `rootCertificateUrl` property defaults to the URL of the current root certificate as of May 27, 2022. Keep in mind that the root certificate can change at any time and that it is the developer's responsibility to keep the root certificate URL up-to-date when using the Parse Server Apple Game Center auth adapter. There are no known workarounds for this issue.

Action-Not Available
Vendor-parseplatformparse-community
Product-parse-serverparse-server
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-295
Improper Certificate Validation
CVE-2022-29222
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.70% / 48.71%
||
7 Day CHG~0.00%
Published-21 May, 2022 | 00:00
Updated-23 Apr, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Certificate Validation in Pion DTLS

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.5, a DTLS Client could provide a Certificate that it doesn't posses the private key for and Pion DTLS wouldn't reject it. This issue affects users that are using Client certificates only. The connection itself is still secure. The Certificate provided by clients can't be trusted when using a Pion DTLS server prior to version 2.1.5. Users should upgrade to version 2.1.5 to receive a patch. There are currently no known workarounds.

Action-Not Available
Vendor-pionpion
Product-dtlsdtls
CWE ID-CWE-295
Improper Certificate Validation
CVE-2022-28142
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-7.5||HIGH
EPSS-0.64% / 46.30%
||
7 Day CHG-0.00%
Published-29 Mar, 2022 | 12:30
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Proxmox Plugin 0.6.0 and earlier disables SSL/TLS certificate validation globally for the Jenkins controller JVM when configured to ignore SSL/TLS issues.

Action-Not Available
Vendor-Jenkins
Product-proxmoxJenkins Proxmox Plugin
CWE ID-CWE-295
Improper Certificate Validation
CVE-2022-27782
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-2.60% / 83.44%
||
7 Day CHG~0.00%
Published-01 Jun, 2022 | 00:00
Updated-27 May, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.

Action-Not Available
Vendor-n/aSplunk LLC (Cisco Systems, Inc.)CURLDebian GNU/Linux
Product-universal_forwardercurldebian_linuxhttps://github.com/curl/curl
CWE ID-CWE-295
Improper Certificate Validation
CVE-2019-16281
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.26% / 66.05%
||
7 Day CHG~0.00%
Published-30 Dec, 2020 | 20:12
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ptarmigan before 0.2.3 lacks API token validation, e.g., an "if (token === apiToken) {return true;} return false;" code block.

Action-Not Available
Vendor-ptarmigan_projectn/a
Product-ptarmigann/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2021-1277
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.40% / 31.93%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 19:56
Updated-12 Nov, 2024 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Data Center Network Manager Certificate Validation Vulnerabilities

Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests. These vulnerabilities are due to insufficient certificate validation when establishing HTTPS requests with the affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-data_center_network_managerCisco Data Center Network Manager
CWE ID-CWE-295
Improper Certificate Validation
CVE-2021-1276
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.40% / 31.93%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 19:56
Updated-12 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Data Center Network Manager Certificate Validation Vulnerabilities

Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests. These vulnerabilities are due to insufficient certificate validation when establishing HTTPS requests with the affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-data_center_network_managerCisco Data Center Network Manager
CWE ID-CWE-295
Improper Certificate Validation
CVE-2020-9040
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.67% / 47.32%
||
7 Day CHG~0.00%
Published-08 Jun, 2020 | 15:21
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Couchbase Server Java SDK before 2.7.1.1 allows a potential attacker to forge an SSL certificate and pose as the intended peer. An attacker can leverage this flaw by crafting a cryptographically valid certificate that will be accepted by Java SDK's Netty component due to missing hostname verification.

Action-Not Available
Vendor-n/aCouchbase, Inc.
Product-couchbase_server_java_sdkn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2020-8286
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-4.58% / 90.47%
||
7 Day CHG~0.00%
Published-14 Dec, 2020 | 19:39
Updated-15 Nov, 2024 | 15:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.

Action-Not Available
Vendor-n/aNetApp, Inc.Debian GNU/LinuxOracle CorporationSiemens AGSplunk LLC (Cisco Systems, Inc.)Apple Inc.CURLFedora Project
Product-libcurlpeoplesoft_enterprise_peopletoolscommunications_billing_and_revenue_managementhci_storage_nodehci_storage_node_firmwarehci_bootstrap_osmacosuniversal_forwarderhci_compute_nodecommunications_cloud_native_core_policysolidfiresinec_infrastructure_network_servicesclustered_data_ontapsimatic_tim_1531_irc_firmwaredebian_linuxessbasehci_management_nodefedoramac_os_xsimatic_tim_1531_irchttps://github.com/curl/curl
CWE ID-CWE-295
Improper Certificate Validation
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found