EUVD-2026-21292
GHSA-3xr8-r75g-g9c6
CVSS Vector
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3Description
In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSL_EVP_CipherFinal (and related EVP cipher finalization functions) fails to verify the authentication tag before returning plaintext to the caller. When an application uses the EVP API to perform ChaCha20-Poly1305 decryption, the implementation computes or accepts the tag but does not compare it against the expected value.
Analysis
ChaCha20-Poly1305 AEAD decryption in wolfSSL's EVP layer bypasses authentication tag verification, allowing unauthenticated adjacent attackers to inject arbitrary ciphertext that is decrypted and returned as plaintext without cryptographic validation. Affects wolfSSL versions prior to 5.9.1. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all applications and services using wolfSSL versions prior to 5.9.1, prioritizing production systems handling encrypted communications. Within 7 days: Upgrade wolfSSL to version 5.9.1 or later across all affected systems; test ChaCha20-Poly1305 decryption workflows post-upgrade. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today