Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-8720

Summary
Assigner-wolfSSL
Assigner Org ID-50d2cd11-d01a-48ed-9441-5bfce9d63b27
Published At-25 Jun, 2026 | 21:18
Updated At-26 Jun, 2026 | 10:35
Rejected At-
Credits

HMAC-BLAKE2 final discards message when key length exceeds block size

wc_Blake2bHmacFinal and wc_Blake2sHmacFinal discard the message when the key length exceeds the block size, producing a MAC that is independent of the input. When the supplied key is longer than the BLAKE2 block size the key-hashing branch reinitialized the running hash state, discarding the accumulated message data, so the resulting MAC depended only on the key and not on the message being authenticated. This bug is specific to the HMAC-BLAKE2 APIs that were added in wolfSSL version 5.9.0.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:wolfSSL
Assigner Org ID:50d2cd11-d01a-48ed-9441-5bfce9d63b27
Published At:25 Jun, 2026 | 21:18
Updated At:26 Jun, 2026 | 10:35
Rejected At:
â–¼CVE Numbering Authority (CNA)
HMAC-BLAKE2 final discards message when key length exceeds block size

wc_Blake2bHmacFinal and wc_Blake2sHmacFinal discard the message when the key length exceeds the block size, producing a MAC that is independent of the input. When the supplied key is longer than the BLAKE2 block size the key-hashing branch reinitialized the running hash state, discarding the accumulated message data, so the resulting MAC depended only on the key and not on the message being authenticated. This bug is specific to the HMAC-BLAKE2 APIs that were added in wolfSSL version 5.9.0.

Affected Products
Vendor
wolfSSL
Product
wolfSSL
Collection URL
https://github.com/wolfSSL/wolfssl
Default Status
unaffected
Versions
Affected
  • From 5.9.0 through 5.9.1 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-354CWE-354 Improper Validation of Integrity Check Value
Type: CWE
CWE ID: CWE-354
Description: CWE-354 Improper Validation of Integrity Check Value
Metrics
VersionBase scoreBase severityVector
4.05.9MEDIUM
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Version: 4.0
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/wolfSSL/wolfssl/pull/10447
patch
https://www.wolfssl.com/docs/security-vulnerabilities/
N/A
Hyperlink: https://github.com/wolfSSL/wolfssl/pull/10447
Resource:
patch
Hyperlink: https://www.wolfssl.com/docs/security-vulnerabilities/
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:facts@wolfssl.com
Published At:25 Jun, 2026 | 22:17
Updated At:27 Jun, 2026 | 19:43

wc_Blake2bHmacFinal and wc_Blake2sHmacFinal discard the message when the key length exceeds the block size, producing a MAC that is independent of the input. When the supplied key is longer than the BLAKE2 block size the key-hashing branch reinitialized the running hash state, discarding the accumulated message data, so the resulting MAC depended only on the key and not on the message being authenticated. This bug is specific to the HMAC-BLAKE2 APIs that were added in wolfSSL version 5.9.0.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.05.9MEDIUM
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
N/A
Type: Secondary
Version: 4.0
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

wolfssl
wolfssl
>>wolfssl>>Versions from 5.9.0(inclusive) to 5.9.2(exclusive)
cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-354Secondaryfacts@wolfssl.com
CWE ID: CWE-354
Type: Secondary
Source: facts@wolfssl.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/wolfSSL/wolfssl/pull/10447facts@wolfssl.com
Issue Tracking
Patch
https://www.wolfssl.com/docs/security-vulnerabilities/facts@wolfssl.com
Vendor Advisory
Hyperlink: https://github.com/wolfSSL/wolfssl/pull/10447
Source: facts@wolfssl.com
Resource:
Issue Tracking
Patch
Hyperlink: https://www.wolfssl.com/docs/security-vulnerabilities/
Source: facts@wolfssl.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

36Records found

CVE-2026-7511
Matching Score-8
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-8
Assigner-wolfSSL Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.17% / 6.74%
||
7 Day CHG+0.06%
Published-25 Jun, 2026 | 21:32
Updated-27 Jun, 2026 | 19:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PKCS7_verify signer confusion allows forged signatures to be accepted

PKCS7_verify signer confusion allows forged signatures, where the signer associated with a signature is not correctly bound, permitting a forged signature to be accepted.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2014-2904
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.88% / 54.64%
||
7 Day CHG~0.00%
Published-21 Nov, 2019 | 22:08
Updated-06 Aug, 2024 | 10:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

wolfssl before 3.2.0 has a server certificate that is not properly authorized for server authentication.

Action-Not Available
Vendor-wolfssln/a
Product-wolfssln/a
CWE ID-CWE-287
Improper Authentication
CVE-2014-2902
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.81% / 52.48%
||
7 Day CHG~0.00%
Published-21 Nov, 2019 | 22:05
Updated-06 Aug, 2024 | 10:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

wolfssl before 3.2.0 does not properly authorize CA certificate for signing other certificates.

Action-Not Available
Vendor-wolfssln/a
Product-wolfssln/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-6325
Matching Score-8
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-8
Assigner-wolfSSL Inc.
CVSS Score-2||LOW
EPSS-0.18% / 7.20%
||
7 Day CHG+0.06%
Published-25 Jun, 2026 | 21:04
Updated-27 Jun, 2026 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds write in SetSuitesHashSigAlgo on oversized signature algorithms list

Out-of-bounds write in SetSuitesHashSigAlgo when processing an oversized signature algorithms list, allowing a write past the bounds of the destination buffer.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-6331
Matching Score-8
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-8
Assigner-wolfSSL Inc.
CVSS Score-2.1||LOW
EPSS-0.15% / 4.36%
||
7 Day CHG+0.05%
Published-25 Jun, 2026 | 20:56
Updated-27 Jun, 2026 | 19:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HMAC zero-length tag forgery in EVP_DigestVerifyFinal

HMAC zero-length tag forgery in EVP_DigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility HMAC verify path the supplied signature length was only checked as not exceeding the MAC length, so a zero-length or otherwise truncated tag could pass verification. The fix requires the supplied tag length to exactly equal the MAC length and rejects a zero-length MAC, so a forged short or empty tag is no longer accepted.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-7532
Matching Score-8
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-8
Assigner-wolfSSL Inc.
CVSS Score-5.7||MEDIUM
EPSS-0.15% / 5.00%
||
7 Day CHG+0.06%
Published-25 Jun, 2026 | 21:31
Updated-01 Jul, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
iPAddress name constraints not enforced when WOLFSSL_IP_ALT_NAME is undefined

iPAddress name constraints bypass when WOLFSSL_IP_ALT_NAME is not defined. IP address name constraints are not enforced in that configuration, allowing a certificate to bypass an issuing CA's IP address constraints.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-6731
Matching Score-8
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-8
Assigner-wolfSSL Inc.
CVSS Score-6||MEDIUM
EPSS-0.12% / 2.49%
||
7 Day CHG-0.03%
Published-25 Jun, 2026 | 20:08
Updated-27 Jun, 2026 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
X.509 name constraint bypass via Subject CN treated as a DNS name

X.509 name constraint bypass via the Subject Common Name when treated as a DNS-type name. A certificate whose Subject CN violates an issuing CA's DNS name constraints could be accepted.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-5447
Matching Score-8
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-8
Assigner-wolfSSL Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.22% / 12.75%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 20:13
Updated-29 Apr, 2026 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap buffer overflow in CertFromX509() via AuthorityKeyIdentifier

Heap buffer overflow in CertFromX509 via AuthorityKeyIdentifier size confusion. A heap buffer overflow occurs when converting an X.509 certificate internally due to incorrect size handling of the AuthorityKeyIdentifier extension.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-5477
Matching Score-8
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-8
Assigner-wolfSSL Inc.
CVSS Score-8.2||HIGH
EPSS-0.42% / 33.76%
||
7 Day CHG~0.00%
Published-10 Apr, 2026 | 05:06
Updated-27 Apr, 2026 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prefix-substitution forgery via integer overflow in wolfCrypt CMAC

An integer overflow existed in the wolfCrypt CMAC implementation, that could be exploited to forge CMAC tags. The function wc_CmacUpdate used the guard `if (cmac->totalSz != 0)` to skip XOR-chaining on the first block (where digest is all-zeros and the XOR is a no-op). However, totalSz is word32 and wraps to zero after 2^28 block flushes (4 GiB), causing the guard to erroneously discard the live CBC-MAC chain state. Any two messages sharing a common suffix beyond the 4 GiB mark then produce identical CMAC tags, enabling a zero-work prefix-substitution forgery. The fix removes the guard, making the XOR unconditional; the no-op property on the first block is preserved because digest is zero-initialized by wc_InitCmac_ex.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-55960
Matching Score-8
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-8
Assigner-wolfSSL Inc.
CVSS Score-8.2||HIGH
EPSS-0.14% / 4.11%
||
7 Day CHG-0.05%
Published-25 Jun, 2026 | 19:31
Updated-26 Jun, 2026 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Un-negotiated Raw Public Key (RFC 7250) accepted in place of X.509, bypassing chain validation

Un-negotiated Raw Public Key (RFC 7250) accepted in place of an X.509 certificate, bypassing chain validation. A raw public key has no chain, so ParseCertRelative() accepts it without performing any trust verification; it must therefore only be accepted when RPK was actually negotiated for that peer. The check now defaults the expected type to X.509 (per RFC 7250/8446) when no type was negotiated, comparing against the received server certificate type on the client and the selected client certificate type on the server, and rejects any mismatch, including an un-negotiated raw public key, with UNSUPPORTED_CERTIFICATE. Only affects builds with Raw Public Key support (HAVE_RPK) enabled - disabled by default in a standalone build, but included in --enable-all.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-55961
Matching Score-8
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-8
Assigner-wolfSSL Inc.
CVSS Score-8.2||HIGH
EPSS-0.10% / 0.84%
||
7 Day CHG-0.03%
Published-25 Jun, 2026 | 16:51
Updated-26 Jun, 2026 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
wolfSSL_PKCS7_verify() reports success for degenerate (certs-only) PKCS#7 with no signer

wolfSSL_PKCS7_verify() returning success for a degenerate (certs-only) PKCS#7 object that contains no signer. Such an object has empty signerInfos, so the underlying signed-data verification succeeds without authenticating any content. The compatibility-layer verify path now rejects the object when no signer signature has actually been verified, so a PKCS#7 carrying no valid signature is no longer reported as verified. This is enforced regardless of the PKCS7_NOVERIFY flag, which only suppresses signer certificate chain validation and was never intended to waive the requirement that a signature exist. Only affects OpenSSL compatibility builds that call the PKCS7_verify() compatibility API on potentially degenerate PKCS#7 bundles.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2014-2901
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.61% / 44.92%
||
7 Day CHG~0.00%
Published-21 Nov, 2019 | 22:02
Updated-06 Aug, 2024 | 10:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

wolfssl before 3.2.0 does not properly issue certificates for a server's hostname.

Action-Not Available
Vendor-wolfssln/a
Product-wolfssln/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-2645
Matching Score-8
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-8
Assigner-wolfSSL Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 2.59%
||
7 Day CHG~0.00%
Published-19 Mar, 2026 | 17:10
Updated-29 Apr, 2026 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Acceptance of CertificateVerify Message before ClientKeyExchange in TLS 1.2

In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementation. The server could incorrectly accept the CertificateVerify message before the ClientKeyExchange message had been received. This issue affects wolfSSL before 5.8.4 (wolfSSL 5.8.2 and earlier is vulnerable, 5.8.4 is not vulnerable). In 5.8.4 wolfSSL would detect the issue later in the handshake. 5.9.0 was further hardened to catch the issue earlier in the handshake.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-358
Improperly Implemented Security Check for Standard
CVE-2022-25640
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.33% / 67.64%
||
7 Day CHG~0.00%
Published-24 Feb, 2022 | 01:07
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. A client can simply omit the certificate_verify message from the handshake, and never present a certificate.

Action-Not Available
Vendor-wolfssln/a
Product-wolfssln/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-11999
Matching Score-8
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-8
Assigner-wolfSSL Inc.
CVSS Score-8.2||HIGH
EPSS-0.14% / 4.11%
||
7 Day CHG-0.05%
Published-25 Jun, 2026 | 16:56
Updated-26 Jun, 2026 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
X.509 trust-chain bypass via path-depth exhaustion in wolfSSL_X509_verify_cert()

X.509 trust-chain bypass (path-depth exhaustion) in the OpenSSL compatibility certificate verifier (wolfSSL_X509_verify_cert()). This affects only builds with --enable-opensslextra whose application calls X509_verify_cert() with caller-supplied untrusted intermediates; for those users it is critical, otherwise the library is unaffected. Native wolfSSL TLS/DTLS usage is not impacted. X509_verify_cert() returned success based only on the last verified link rather than on reaching a trust anchor: when the supplied chain is deeper than the verifier's maximum path depth (default 100), path building runs out of depth while still walking untrusted intermediates and the chain is accepted even though it never reaches a configured trust anchor, allowing acceptance of an attacker-controlled certificate. The default TLS handshake (WOLFSSL_VERIFY_PEER) is not affected; only applications doing manual or deferred verification through this API are.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-11703
Matching Score-8
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-8
Assigner-wolfSSL Inc.
CVSS Score-6||MEDIUM
EPSS-0.21% / 11.28%
||
7 Day CHG-0.06%
Published-25 Jun, 2026 | 21:15
Updated-27 Jun, 2026 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing SNI/ALPN binding on stateful (session-ID) TLS session resumption

Missing SNI/ALPN binding on stateful (session-ID) resumption, which previously skipped the binding check performed for ticket-based resumption. A cached session could be resumed under a different SNI/ALPN than originally negotiated and, where client-authentication policy differs across virtual hosts, carry the cached peer-authentication state into a context it was not established for. Resumption now verifies the SNI/ALPN binding for all paths and declines (falling back to a full handshake) on mismatch.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-287
Improper Authentication
CVE-2026-11310
Matching Score-8
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-8
Assigner-wolfSSL Inc.
CVSS Score-8.7||HIGH
EPSS-0.14% / 4.11%
||
7 Day CHG-0.05%
Published-25 Jun, 2026 | 19:38
Updated-26 Jun, 2026 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
X.509 trust-chain bypass in wolfSSL_X509_verify_cert() via untrusted intermediate anchoring

X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier (wolfSSL_X509_verify_cert()). This affects only builds with --enable-opensslextra (OPENSSL_EXTRA) and whose application validates certificates by calling X509_verify_cert() with caller-supplied untrusted intermediate certificates; for those users it is critical, otherwise the library is unaffected. In particular, native wolfSSL TLS/DTLS usage is not impacted. wolfSSL's X509_verify_cert() temporarily loads each caller-supplied untrusted intermediate into the certificate manager but failed to drop them before the trusted-store check, so an untrusted intermediate could anchor the path itself. An attacker can present a chain that never reaches a configured trust anchor and have it accepted, resulting in acceptance of an attacker-controlled certificate. This is certificate verification independent of TLS (e.g. S/MIME/CMS, code/firmware signing, JWT/JWS x5c), is not specific to any key type or algorithm, and a single untrusted intermediate suffices. The default wolfSSL TLS handshake (WOLFSSL_VERIFY_PEER) is not affected; only TLS applications doing manual or deferred peer verification through this API are, which also requires --enable-sessioncerts.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-5504
Matching Score-6
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-6
Assigner-wolfSSL Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.11% / 1.56%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 22:33
Updated-29 Apr, 2026 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PKCS7 CBC Padding Oracle — Plaintext Recovery

A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfSSL the interior padding bytes are not validated.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-354
Improper Validation of Integrity Check Value
CVE-2026-5479
Matching Score-6
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-6
Assigner-wolfSSL Inc.
CVSS Score-7.6||HIGH
EPSS-0.15% / 4.76%
||
7 Day CHG~0.00%
Published-10 Apr, 2026 | 02:38
Updated-29 Apr, 2026 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
wolfSSL EVP ChaCha20-Poly1305 AEAD authentication tag

In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSL_EVP_CipherFinal (and related EVP cipher finalization functions) fails to verify the authentication tag before returning plaintext to the caller. When an application uses the EVP API to perform ChaCha20-Poly1305 decryption, the implementation computes or accepts the tag but does not compare it against the expected value.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-354
Improper Validation of Integrity Check Value
CVE-2022-36360
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.25% / 16.31%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 10:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Affected devices load firmware updates without checking the authenticity. Furthermore the integrity of the unencrypted firmware is only verified by a non-cryptographic method. This could allow an attacker to manipulate a firmware update and flash it to the device.

Action-Not Available
Vendor-Siemens AG
Product-logo\!8_bm_fs-05logo\!8_bm_fs-05_firmwarelogo\!_8_bm_firmwarelogo\!8_bmLOGO! 8 BM (incl. SIPLUS variants)
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CWE ID-CWE-354
Improper Validation of Integrity Check Value
CVE-2019-18672
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.78% / 51.53%
||
7 Day CHG~0.00%
Published-06 Dec, 2019 | 17:54
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Notably, this breaks the security of U2F for new server registrations and invalidates existing registrations. This vulnerability can be exploited by unauthenticated attackers and the interface is reachable via WebUSB.

Action-Not Available
Vendor-shapeshiftn/a
Product-keepkey_firmwaren/a
CWE ID-CWE-354
Improper Validation of Integrity Check Value
CVE-2022-22781
Matching Score-4
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-4
Assigner-Zoom Video Communications, Inc.
CVSS Score-7.5||HIGH
EPSS-0.40% / 31.81%
||
7 Day CHG~0.00%
Published-28 Apr, 2022 | 14:59
Updated-16 Sep, 2024 | 21:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Update package downgrade in Zoom Client for Meetings for MacOS

The Zoom Client for Meetings for MacOS (Standard and for IT Admin) prior to version 5.9.6 failed to properly check the package version during the update process. This could lead to a malicious actor updating an unsuspecting user’s currently installed version to a less secure version.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meetingsZoom Client for Meetings for MacOS (Standard and for IT Admin)
CWE ID-CWE-354
Improper Validation of Integrity Check Value
CVE-2020-6228
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-5.3||MEDIUM
EPSS-0.38% / 30.08%
||
7 Day CHG~0.00%
Published-14 Apr, 2020 | 18:32
Updated-27 May, 2025 | 16:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Business Client, versions 6.5, 7.0, does not perform necessary integrity checks which could be exploited by an attacker under certain conditions to modify the installer.

Action-Not Available
Vendor-SAP SE
Product-business_clientSAP Business Client
CWE ID-CWE-354
Improper Validation of Integrity Check Value
CVE-2012-1170
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.91% / 55.71%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 16:29
Updated-06 Aug, 2024 | 18:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Moodle before 2.2.2 has an external enrolment plugin context check issue where capability checks are not thorough

Action-Not Available
Vendor-Moodle Pty LtdFedora Project
Product-fedoramoodleMoodle
CWE ID-CWE-354
Improper Validation of Integrity Check Value
CVE-2026-28498
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-0.23% / 13.21%
||
7 Day CHG+0.02%
Published-16 Mar, 2026 | 18:03
Updated-01 Jul, 2026 | 13:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authlib: Fail-Open Cryptographic Verification in OIDC Hash Binding

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a library-level vulnerability was identified in the Authlib Python library concerning the validation of OpenID Connect (OIDC) ID Tokens. Specifically, the internal hash verification logic (_verify_hash) responsible for validating the at_hash (Access Token Hash) and c_hash (Authorization Code Hash) claims exhibits a fail-open behavior when encountering an unsupported or unknown cryptographic algorithm. This flaw allows an attacker to bypass mandatory integrity protections by supplying a forged ID Token with a deliberately unrecognized alg header parameter. The library intercepts the unsupported state and silently returns True (validation passed), inherently violating fundamental cryptographic design principles and direct OIDC specifications. This issue has been patched in version 1.6.9.

Action-Not Available
Vendor-authlibauthlibRed Hat, Inc.
Product-authlibauthlibRed Hat Ansible Automation Platform 2Lightspeed CoreRed Hat Satellite 6Red Hat Quay 3.12Red Hat Ansible Automation Platform 2.6Red Hat Quay 3.10Red Hat Quay 3.16Red Hat OpenShift AI (RHOAI)Red Hat Quay 3.15
CWE ID-CWE-325
Missing Cryptographic Step
CWE ID-CWE-354
Improper Validation of Integrity Check Value
CWE ID-CWE-573
Improper Following of Specification by Caller
CVE-2020-13847
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.63% / 45.70%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 17:16
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file.

Action-Not Available
Vendor-sylabsn/a
Product-singularityn/a
CWE ID-CWE-354
Improper Validation of Integrity Check Value
CVE-2020-13845
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.52% / 40.14%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 17:23
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather than to a cryptographically validated signature.

Action-Not Available
Vendor-sylabsn/a
Product-singularityn/a
CWE ID-CWE-354
Improper Validation of Integrity Check Value
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2023-33206
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 20.03%
||
7 Day CHG~0.00%
Published-08 Aug, 2024 | 00:00
Updated-19 Aug, 2024 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR16, 4.0.0 SR06, 4.1.0 SR04, 4.2.0 SR03, and 4.3.0 SR01 fails to validate symlinks during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.

Action-Not Available
Vendor-dieboldnixdorfn/adieboldnixdorf
Product-vynamic_security_suiten/avynamic_security_suite
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-354
Improper Validation of Integrity Check Value
CVE-2020-11497
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.15% / 63.07%
||
7 Day CHG~0.00%
Published-26 Aug, 2020 | 18:25
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the NAB Transact extension 2.1.0 for the WooCommerce plugin for WordPress. An online payment system bypass allows orders to be marked as fully paid by assigning an arbitrary bank transaction ID during the payment-details entry step.

Action-Not Available
Vendor-n/aWooCommerce
Product-nab_transactn/a
CWE ID-CWE-354
Improper Validation of Integrity Check Value
CVE-2023-30356
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.27% / 18.00%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 00:00
Updated-27 Jan, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Missing Support for an Integrity Check in Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 allows attackers to update the device with crafted firmware

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-cp3_firmwarecp3n/a
CWE ID-CWE-354
Improper Validation of Integrity Check Value
CVE-2026-31839
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-0.12% / 2.00%
||
7 Day CHG~0.00%
Published-11 Mar, 2026 | 16:46
Updated-20 Mar, 2026 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Striae has a hash validation utility vulnerability

Striae is a firearms examiner's comparison companion. A high-severity integrity bypass vulnerability existed in Striae's digital confirmation workflow prior to v3.0.0. Hash-only validation trusted manifest hash fields that could be modified together with package content, allowing tampered confirmation packages to pass integrity checks. This vulnerability is fixed in 3.0.0.

Action-Not Available
Vendor-striaestriae-org
Product-striaestriae
CWE ID-CWE-354
Improper Validation of Integrity Check Value
CVE-2026-26275
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.16% / 5.73%
||
7 Day CHG~0.00%
Published-19 Feb, 2026 | 21:25
Updated-03 Mar, 2026 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
httpsig-hyper has Improper Digest Verification that May Allow Message Integrity Bypass

httpsig-hyper is a hyper extension for http message signatures. An issue was discovered in `httpsig-hyper` prior to version 0.0.23 where Digest header verification could incorrectly succeed due to misuse of Rust's `matches!` macro. Specifically, the comparison `if matches!(digest, _expected_digest)` treated `_expected_digest` as a pattern binding rather than a value comparison, resulting in unconditional success of the match expression. As a consequence, digest verification could incorrectly return success even when the computed digest did not match the expected value. Applications relying on Digest verification as part of HTTP message signature validation may therefore fail to detect message body modification. The severity depends on how the library is integrated and whether additional signature validation layers are enforced. This issue has been fixed in `httpsig-hyper` 0.0.23. The fix replaces the incorrect `matches!` usage with proper value comparison and additionally introduces constant-time comparison for digest verification as defense-in-depth. Regression tests have also been added to prevent reintroduction of this issue. Users are strongly advised to upgrade to the patched version. There is no reliable workaround without upgrading. Users who cannot immediately upgrade should avoid relying solely on Digest verification for message integrity and ensure that full HTTP message signature verification is enforced at the application layer.

Action-Not Available
Vendor-junkuriharajunkurihara
Product-httpsig-hyperhttpsig-rs
CWE ID-CWE-354
Improper Validation of Integrity Check Value
CWE ID-CWE-697
Incorrect Comparison
CVE-2022-45142
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.49% / 38.60%
||
7 Day CHG~0.00%
Published-06 Mar, 2023 | 00:00
Updated-06 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted.

Action-Not Available
Vendor-heimdal_projectn/a
Product-heimdalSamba
CWE ID-CWE-354
Improper Validation of Integrity Check Value
CVE-2022-24404
Matching Score-4
Assigner-National Cyber Security Centre Netherlands (NCSC-NL)
ShareView Details
Matching Score-4
Assigner-National Cyber Security Centre Netherlands (NCSC-NL)
CVSS Score-5.9||MEDIUM
EPSS-0.22% / 12.16%
||
7 Day CHG~0.00%
Published-19 Oct, 2023 | 09:31
Updated-03 Aug, 2024 | 04:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ciphertext Malleability in TETRA

Lack of cryptographic integrity check on TETRA air-interface encrypted traffic. Since a stream cipher is employed, this allows an active adversary to manipulate cleartext data in a bit-by-bit fashion.

Action-Not Available
Vendor-midnightblueETSI
Product-tetra\TETRA Standard
CWE ID-CWE-353
Missing Support for Integrity Check
CWE ID-CWE-354
Improper Validation of Integrity Check Value
CVE-2022-22253
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.29% / 20.91%
||
7 Day CHG+0.01%
Published-11 Apr, 2022 | 19:38
Updated-03 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DFX module has a vulnerability of improper validation of integrity check values.Successful exploitation of this vulnerability may affect system stability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosMagic UIHarmonyOSEMUI
CWE ID-CWE-354
Improper Validation of Integrity Check Value
CVE-2017-18689
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.24% / 14.30%
||
7 Day CHG~0.00%
Published-07 Apr, 2020 | 14:08
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) (Exynos5433, Exynos7420, or Exynos7870 chipsets) software. An attacker can bypass a ko (aka Kernel Module) signature by modifying the count of kernel modules. The Samsung ID is SVE-2016-7466 (January 2017).

Action-Not Available
Vendor-n/aGoogle LLCSamsung
Product-androidexynos_5433exynos_7870exynos_7420n/a
CWE ID-CWE-354
Improper Validation of Integrity Check Value
Details not found