Impact
The flaw allows a raw public key, which carries no certificate chain, to be accepted as an X.509 certificate during a TLS handshake. Because the parsing function performs no trust verification when the raw key type was not negotiated, an attacker can present a forged key and make the client or server believe it is a trusted peer. This is a CWE-295 weakness (improper verification of cryptographic parameters), which can enable impersonation of a legitimate server or client and lead to man-in-the-middle attacks and unauthorized access to encrypted channels.
Affected Systems
wolfSSL configurations that enable Raw Public Key support (HAVE_RPK) are affected. The vulnerability does not exist in standalone builds, where this feature is disabled by default, but it is present in builds that compile with the all-in-one option or explicitly enable the feature.
Risk and Exploitability
The CVSS score of 8.2 indicates a high-severity vulnerability. The EPSS score is currently not available, so the likelihood of exploitation cannot be quantified, and the issue is not listed in CISA’s KEV catalog. The likely attack vector is a network-based TLS connection where an attacker can influence the key exchange. If RPK support is enabled and the client or server accepts a raw key that was not properly negotiated, the lack of chain validation can be exploited to establish a false secure channel. The fix involves rejecting un-negotiated raw keys with an UNSUPPORTED_CERTIFICATE error, thereby restoring proper certificate validation.
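As an added illustration (not wolfSSL's code and not the actual patch), the following C model shows the check the fix restores: the format of the received Certificate message must match the certificate type negotiated through the RFC 7250 certificate_type extension, and an un-negotiated raw public key is answered with the unsupported_certificate alert (43) instead of being trusted on its shape alone. The enum names, struct and function names are hypothetical; the type codes (X.509 = 0, RawPublicKey = 2) and alert numbers are the IANA-registered values.

```c
#include <stdbool.h>
#include <stddef.h>

/* Certificate type codes carried in the RFC 7250 certificate_type extensions. */
enum cert_type { CT_NONE = -1, CT_X509 = 0, CT_RAW_PUBLIC_KEY = 2 };

/* Outcome of checking a Certificate message: accept, or the TLS alert to send. */
enum verdict { ACCEPT = 0, ALERT_BAD_CERTIFICATE = 42, ALERT_UNSUPPORTED_CERTIFICATE = 43 };

/* RFC 7250 negotiation (hypothetical model): the peer lists the types it offers in
 * preference order and we answer with the first one we support; an absent extension
 * means X.509. X.509 is always supported here, RPK only when built in. */
enum cert_type negotiate_cert_type(const enum cert_type *offered, size_t n_offered,
                                   bool we_support_rpk)
{
    if (offered == NULL || n_offered == 0)
        return CT_X509;                          /* extension absent: X.509 implied */
    for (size_t i = 0; i < n_offered; i++) {
        if (offered[i] == CT_X509)
            return CT_X509;
        if (offered[i] == CT_RAW_PUBLIC_KEY && we_support_rpk)
            return CT_RAW_PUBLIC_KEY;
    }
    return CT_NONE;                              /* nothing in common: handshake fails */
}

/* What the peer actually sent, plus the result of the trust check that applies to
 * that format (chain validation for X.509, a pinned-key match for a raw key). */
struct received_cert { enum cert_type format; bool verified; };

/* Flawed pattern, modelling the description above: a raw key is accepted because of
 * its shape, without asking whether RPK was ever negotiated or checking any trust. */
enum verdict accept_cert_flawed(enum cert_type negotiated, struct received_cert rc)
{
    (void)negotiated;                            /* negotiation result never consulted */
    if (rc.format == CT_RAW_PUBLIC_KEY)
        return ACCEPT;                           /* no trust verification at all */
    return rc.verified ? ACCEPT : ALERT_BAD_CERTIFICATE;
}

/* Fixed pattern: the received format must match the negotiated type, and the
 * format's own trust check must pass; an un-negotiated raw key is rejected with
 * unsupported_certificate before any parsing result can influence trust. */
enum verdict accept_cert_fixed(enum cert_type negotiated, struct received_cert rc)
{
    if (negotiated == CT_NONE || rc.format != negotiated)
        return ALERT_UNSUPPORTED_CERTIFICATE;
    return rc.verified ? ACCEPT : ALERT_BAD_CERTIFICATE;
}
```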
OpenCVE Enrichment