Description
When HAVE_ENCRYPT_THEN_MAC is configured, the implementation could fall back to MAC-then-Encrypt rather than enforcing Encrypt-then-MAC.
Published: 2026-06-25
Score: 2.1 Low
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The bug is in wolfSSL's implementation of encrypt-then-MAC. When the build flag HAVE_ENCRYPT_THEN_MAC is defined, the library is supposed to enforce encrypt-then-MAC but instead can revert to MAC-then-Encrypt. This flaw undermines the authenticated‑encryption guarantee, potentially allowing an attacker to remove or alter the authentication tag without detection. The weakness is classified as CWE‑757, which covers improper cryptographic fallback.

Affected Systems

Affected systems are any installations of the wolfSSL library when built with HAVE_ENCRYPT_THEN_MAC enabled. Version information is not specified, so any build that includes the buggy code path could be vulnerable. Organizations should verify whether their wolfSSL version is compiled with that option and consult vendor releases for a patch.

Risk and Exploitability

The CVSS score of 2.1 indicates a low severity assessment, and EPSS data is not available. The vulnerability is not listed in CISA KEV. Exploitation would require an attacker to influence the cryptographic configuration or the mode selection, which is unlikely to be achieved automatically in a remote network attack. Therefore, the risk is modest, but addressing the issue is prudent to maintain proper cryptographic integrity.

Generated by OpenCVE AI on June 25, 2026 at 22:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest wolfSSL release that fixes the encrypt‑then‑MAC enforcement.
  • If an immediate upgrade is not possible, disable the HAVE_ENCRYPT_THEN_MAC build option or configure the library to enforce strict encrypt‑then‑MAC usage.
  • Verify the configuration by performing test encrypt‑encrypt operations to ensure MAC‑then‑Encrypt does not occur.

Generated by OpenCVE AI on June 25, 2026 at 22:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
Description When HAVE_ENCRYPT_THEN_MAC is configured, the implementation could fall back to MAC-then-Encrypt rather than enforcing Encrypt-then-MAC.
Title Encrypt-then-MAC could fall back to MAC-then-Encrypt when HAVE_ENCRYPT_THEN_MAC is configured
Weaknesses CWE-757
References
Metrics cvssV4_0

{'score': 2.1, 'vector': 'CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/U:Clear'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: wolfSSL

Published:

Updated: 2026-06-25T21:06:20.494Z

Reserved: 2026-04-10T16:06:55.587Z

Link: CVE-2026-6092

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-25T22:30:15Z

Weaknesses
  • CWE-757

    Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')