Description
HMAC zero-length tag forgery in EVP_DigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility HMAC verify path the supplied signature length was only checked as not exceeding the MAC length, so a zero-length or otherwise truncated tag could pass verification. The fix requires the supplied tag length to exactly equal the MAC length and rejects a zero-length MAC, so a forged short or empty tag is no longer accepted.
Published: 2026-06-25
Score: 2.1 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an attacker to forge a cryptographic signature by submitting a zero-length or otherwise truncated HMAC tag that is erroneously accepted as valid during EVP_DigestVerifyFinal verification. As a result, an attacker could have a message falsely authenticated, effectively bypassing integrity checks that rely on HMAC verification. This weaknesses is identified as CWE-347, indicating a failure to properly enforce cryptographic checks. The impact is limited to the integrity of data protected by this verification path, and does not expose confidentiality directly.

Affected Systems

The affected product is wolfSSL, as noted by the CNA vendor/product name. No specific versions are listed in the CNA data, so it is necessary to review the release notes of wolfSSL or consult the vendor for the relevant range affected by the bug.

Risk and Exploitability

The CVSS score of 2.1 indicates a very low overall severity. EPSS data is not available and the vulnerability is not listed in the CISA KEV catalog, suggesting a low likelihood of widespread exploitation at the present time. The most probable attack vector is the provision of a forged signature or HMAC tag to the application. Based on the description, it is inferred that the flaw could be exploited remotely or locally by any entity that can supply input to the HMAC verification routine. However, exploitation requires the attacker to control or influence the signature data, which may limit the attack surface.

Generated by OpenCVE AI on June 25, 2026 at 22:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a wolfSSL release that includes the fix for zero-length HMAC tag validation
  • Verify that the HMAC verification routine enforces an exact tag length equal to the MAC length before performing the cryptographic check
  • If an upgrade cannot be performed immediately, implement an application-layer check to reject signatures shorter than the expected MAC length
  • Consider disabling or removing any code paths that accept zero-length or truncated HMAC tags if they are not required for legitimate operations

Generated by OpenCVE AI on June 25, 2026 at 22:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4683-1 wolfssl security update
History

Fri, 26 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 26 Jun 2026 01:30:00 +0000

Type Values Removed Values Added
First Time appeared Wolfssl
Wolfssl wolfssl
Vendors & Products Wolfssl
Wolfssl wolfssl

Thu, 25 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
Description HMAC zero-length tag forgery in EVP_DigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility HMAC verify path the supplied signature length was only checked as not exceeding the MAC length, so a zero-length or otherwise truncated tag could pass verification. The fix requires the supplied tag length to exactly equal the MAC length and rejects a zero-length MAC, so a forged short or empty tag is no longer accepted.
Title HMAC zero-length tag forgery in EVP_DigestVerifyFinal
Weaknesses CWE-347
References
Metrics cvssV4_0

{'score': 2.1, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: wolfSSL

Published:

Updated: 2026-06-26T13:53:06.730Z

Reserved: 2026-04-15T03:08:31.649Z

Link: CVE-2026-6331

cve-icon Vulnrichment

Updated: 2026-06-26T13:52:59.059Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T01:15:04Z

Weaknesses
  • CWE-347

    Improper Verification of Cryptographic Signature