Description
In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementation. The server could incorrectly accept the CertificateVerify message before the ClientKeyExchange message had been received. This issue affects wolfSSL before 5.8.4 (wolfSSL 5.8.2 and earlier is vulnerable, 5.8.4 is not vulnerable). In 5.8.4 wolfSSL would detect the issue later in the handshake. 5.9.0 was further hardened to catch the issue earlier in the handshake.
Published: 2026-03-19
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Authentication Bypass
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a logic flaw in wolfSSL 5.8.2 and earlier where the TLS 1.2 server state machine may accept the CertificateVerify message before receiving the ClientKeyExchange message. This incorrect sequence can allow an attacker to influence the handshake process, potentially enabling the attacker to authenticate as a client without performing the proper key exchange, or disrupt the handshake. The primary impact is the potential for authentication bypass, which could allow unauthorized access to services protected by TLS client authentication. The weakness is identified as CWE‑358.

Affected Systems

Affected vendor wolfSSL, product wolfSSL. The vulnerability applies to wolfSSL versions 5.8.2 and earlier. Versions 5.8.4 and higher have the issue fixed; 5.9.0 adds additional hardening.

Risk and Exploitability

The CVSS score is 5.5, indicating moderate severity. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting no known widespread exploitation. The attack would require an attacker to initiate a TLS 1.2 connection to the vulnerable server, exploiting the state machine flaw during the handshake. No public exploit code has been released, and the vulnerability is likely exploitable only in environments that rely on wolfSSL for TLS client authentication.

Generated by OpenCVE AI on March 19, 2026 at 18:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade wolfSSL to version 5.8.4 or later.

Generated by OpenCVE AI on March 19, 2026 at 18:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 29 Apr 2026 19:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}

Fri, 20 Mar 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Wolfssl
Wolfssl wolfssl
Vendors & Products Wolfssl
Wolfssl wolfssl

Thu, 19 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 19 Mar 2026 17:45:00 +0000

Type Values Removed Values Added
Description In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementation. The server could incorrectly accept the CertificateVerify message before the ClientKeyExchange message had been received. This issue affects wolfSSL before 5.8.4 (wolfSSL 5.8.2 and earlier is vulnerable, 5.8.4 is not vulnerable). In 5.8.4 wolfSSL would detect the issue later in the handshake. 5.9.0 was further hardened to catch the issue earlier in the handshake.
Title Acceptance of CertificateVerify Message before ClientKeyExchange in TLS 1.2
Weaknesses CWE-358
References
Metrics cvssV4_0

{'score': 5.5, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Wolfssl Wolfssl
cve-icon MITRE

Status: PUBLISHED

Assigner: wolfSSL

Published:

Updated: 2026-03-19T17:45:54.299Z

Reserved: 2026-02-17T22:29:13.929Z

Link: CVE-2026-2645

cve-icon Vulnrichment

Updated: 2026-03-19T17:45:36.942Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-19T18:16:22.043

Modified: 2026-04-29T18:47:49.063

Link: CVE-2026-2645

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-20T11:06:45Z

Weaknesses