Description
In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSL_EVP_CipherFinal (and related EVP cipher finalization functions) fails to verify the authentication tag before returning plaintext to the caller. When an application uses the EVP API to perform ChaCha20-Poly1305 decryption, the implementation computes or accepts the tag but does not compare it against the expected value.
Published: 2026-04-10
Score: 7.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Authentication failure allowing tampered data to be accepted
Action: Immediate Patch
AI Analysis

Impact

The vulnerability resides in wolfSSL’s EVP API, where ChaCha20-Poly1305 decryption does not verify the authentication tag before returning plaintext. An attacker who can supply a forged tag can cause the application to accept corrupted data, compromising data integrity and potentially revealing confidential information if the ciphertext is controlled.

Affected Systems

The flaw affects the wolfSSL library for any builds that employ ChaCha20-Poly1305 via the EVP interface. Version information is not specified, so all releases before the fix in PR 10102 should be treated as potentially vulnerable until a patched release is deployed.

Risk and Exploitability

The CVSS score of 7.6 indicates medium‑high severity. EPSS is not available and the vulnerability is not in KEV, yet the attack path is straightforward: an application using wolfSSL for ChaCha20‑Poly1305 can be subverted by providing a malformed authentication tag. Because wolfSSL is widely used in embedded, IoT, and network services, the impact could be significant for any environment that does not apply the patch.

Generated by OpenCVE AI on April 10, 2026 at 04:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade wolfSSL to a version that contains the fix from PR 10102 or later.
  • If an upgrade is not immediately possible, manually verify the ChaCha20‑Poly1305 authentication tag before accepting decrypted data.
  • Consider disabling Chacha20‑Poly1305 usage in affected applications until the library is updated.
  • Monitor the wolfSSL release stream for patched versions and apply updates promptly.
  • After update, test encrypted communications to confirm proper tag verification.

Generated by OpenCVE AI on April 10, 2026 at 04:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 29 Apr 2026 14:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}

Fri, 10 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 10 Apr 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Wolfssl
Wolfssl wolfssl
Vendors & Products Wolfssl
Wolfssl wolfssl

Fri, 10 Apr 2026 03:45:00 +0000

Type Values Removed Values Added
Description In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSL_EVP_CipherFinal (and related EVP cipher finalization functions) fails to verify the authentication tag before returning plaintext to the caller. When an application uses the EVP API to perform ChaCha20-Poly1305 decryption, the implementation computes or accepts the tag but does not compare it against the expected value.
Title wolfSSL EVP ChaCha20-Poly1305 AEAD authentication tag
Weaknesses CWE-354
References
Metrics cvssV4_0

{'score': 7.6, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Wolfssl Wolfssl
cve-icon MITRE

Status: PUBLISHED

Assigner: wolfSSL

Published:

Updated: 2026-04-22T03:55:50.004Z

Reserved: 2026-04-03T08:22:18.791Z

Link: CVE-2026-5479

cve-icon Vulnrichment

Updated: 2026-04-10T13:44:02.475Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-10T04:17:16.930

Modified: 2026-04-29T13:45:33.127

Link: CVE-2026-5479

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-10T09:27:00Z

Weaknesses