Description
When HAVE_ENCRYPT_THEN_MAC is configured, the implementation could fall back to MAC-then-Encrypt rather than enforcing Encrypt-then-MAC.
Published: 2026-06-25
Score: 2.1 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The bug is in wolfSSL's implementation of encrypt-then-MAC. When the build flag HAVE_ENCRYPT_THEN_MAC is defined, the library is supposed to enforce encrypt-then-MAC but instead can revert to MAC-then-Encrypt. This flaw undermines the authenticated‑encryption guarantee, potentially allowing an attacker to remove or alter the authentication tag without detection. The weakness is classified as CWE‑757, which covers improper cryptographic fallback.

Affected Systems

Affected systems are any installations of the wolfSSL library when built with HAVE_ENCRYPT_THEN_MAC enabled. Version information is not specified, so any build that includes the buggy code path could be vulnerable. Organizations should verify whether their wolfSSL version is compiled with that option and consult vendor releases for a patch.

Risk and Exploitability

The CVSS score of 2.1 indicates a low severity assessment, and EPSS data is not available. The vulnerability is not listed in CISA KEV. Exploitation would require an attacker to influence the cryptographic configuration or the mode selection, which is unlikely to be achieved automatically in a remote network attack. Therefore, the risk is modest, but addressing the issue is prudent to maintain proper cryptographic integrity.

Generated by OpenCVE AI on June 25, 2026 at 22:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest wolfSSL release that fixes the encrypt‑then‑MAC enforcement.
  • If an immediate upgrade is not possible, disable the HAVE_ENCRYPT_THEN_MAC build option or configure the library to enforce strict encrypt‑then‑MAC usage.
  • Verify the configuration by performing test encrypt‑encrypt operations to ensure MAC‑then‑Encrypt does not occur.

Generated by OpenCVE AI on June 25, 2026 at 22:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4683-1 wolfssl security update
History

Fri, 26 Jun 2026 11:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 26 Jun 2026 01:30:00 +0000

Type Values Removed Values Added
First Time appeared Wolfssl
Wolfssl wolfssl
Vendors & Products Wolfssl
Wolfssl wolfssl

Thu, 25 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
Description When HAVE_ENCRYPT_THEN_MAC is configured, the implementation could fall back to MAC-then-Encrypt rather than enforcing Encrypt-then-MAC.
Title Encrypt-then-MAC could fall back to MAC-then-Encrypt when HAVE_ENCRYPT_THEN_MAC is configured
Weaknesses CWE-757
References
Metrics cvssV4_0

{'score': 2.1, 'vector': 'CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/U:Clear'}


cve-icon MITRE

Status: PUBLISHED

Assigner: wolfSSL

Published:

Updated: 2026-06-26T10:25:01.830Z

Reserved: 2026-04-10T16:06:55.587Z

Link: CVE-2026-6092

cve-icon Vulnrichment

Updated: 2026-06-26T10:24:57.459Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T01:15:04Z

Weaknesses
  • CWE-757

    Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')