Description
wolfSSL_X509_verify_cert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an untrusted intermediate with Basic Constraints `CA:FALSE` that is legitimately signed by a trusted root. An attacker who obtains any leaf certificate from a trusted CA (e.g. a free DV cert from Let's Encrypt) can forge a certificate for any subject name with any public key and arbitrary signature bytes, and the function returns `WOLFSSL_SUCCESS` / `X509_V_OK`. The native wolfSSL TLS handshake path (`ProcessPeerCerts`) is not susceptible and the issue is limited to applications using the OpenSSL compatibility API directly, which would include integrations of wolfSSL into nginx and haproxy.
Published: 2026-04-10
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Certificate Spoofing
Action: Immediate Patch
AI Analysis

Impact

A flaw in the wolfSSL OpenSSL compatibility layer allows a certificate chain to be accepted when the leaf certificate's signature is not verified. When an application supplies an untrusted intermediate with the Basic Constraints field set to CA:FALSE that is still legitimately signed by a trusted root, the verification function returns success even though the leaf was not properly checked. As a result an attacker who can obtain any leaf certificate from a public CA, for example a free DV certificate from Let’s Encrypt, can create a forged certificate for any subject and public key. The function then reports success, enabling the attacker to impersonate a legitimate server or client and potentially carry out man‑in‑the‑middle attacks, credential theft, or data exfiltration. Only the OpenSSL compatibility API is affected; the native wolfSSL TLS handshake path remains secure.

Affected Systems

The vulnerability affects the wolfSSL library itself, specifically versions that expose the OpenSSL compatibility API. Applications that integrate wolfSSL via this API—such as nginx and haproxy—are susceptible. No specific product version details are provided in the input.

Risk and Exploitability

The CVSS score of 8.6 indicates a high severity. EPSS data is unavailable and the issue is not listed in the CISA KEV catalog, suggesting limited observed exploitation. The likely attack vector involves an attacker delivering a crafted certificate chain to an application using the affected API, exploiting the missing leaf signature check to establish a TLS session with the attacker’s forged credentials. Because the flaw operates without interacting with the application’s native certificate verification path, it can be triggered remotely by simply presenting the forged chain during the TLS handshake.

Generated by OpenCVE AI on April 10, 2026 at 04:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update wolfSSL to the latest release that incorporates the fix for the OpenSSL compatibility path.
  • Verify that the application is using the native wolfSSL TLS handshake path instead of the OpenSSL compatibility API.
  • If upgrading is not immediately possible, restrict inbound TLS traffic to known, trusted clients or servers to mitigate the risk of accepting forged certificates.

Generated by OpenCVE AI on April 10, 2026 at 04:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}

Wed, 22 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 10 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 10 Apr 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Wolfssl
Wolfssl wolfssl
Vendors & Products Wolfssl
Wolfssl wolfssl

Fri, 10 Apr 2026 03:45:00 +0000

Type Values Removed Values Added
Description wolfSSL_X509_verify_cert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an untrusted intermediate with Basic Constraints `CA:FALSE` that is legitimately signed by a trusted root. An attacker who obtains any leaf certificate from a trusted CA (e.g. a free DV cert from Let's Encrypt) can forge a certificate for any subject name with any public key and arbitrary signature bytes, and the function returns `WOLFSSL_SUCCESS` / `X509_V_OK`. The native wolfSSL TLS handshake path (`ProcessPeerCerts`) is not susceptible and the issue is limited to applications using the OpenSSL compatibility API directly, which would include integrations of wolfSSL into nginx and haproxy.
Title Improper Certificate Signature Verification in X.509 Chain Validation Allows Forged Leaf Certificates
Weaknesses CWE-295
References
Metrics cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Wolfssl Wolfssl
cve-icon MITRE

Status: PUBLISHED

Assigner: wolfSSL

Published:

Updated: 2026-04-22T13:59:28.514Z

Reserved: 2026-04-03T15:46:09.302Z

Link: CVE-2026-5501

cve-icon Vulnrichment

Updated: 2026-04-10T13:43:00.745Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-10T04:17:17.230

Modified: 2026-04-27T17:57:21.137

Link: CVE-2026-5501

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-10T09:26:56Z

Weaknesses