EUVD-2026-21294
GHSA-hg75-4cmp-f367
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3Description
wolfSSL_X509_verify_cert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an untrusted intermediate with Basic Constraints `CA:FALSE` that is legitimately signed by a trusted root. An attacker who obtains any leaf certificate from a trusted CA (e.g. a free DV cert from Let's Encrypt) can forge a certificate for any subject name with any public key and arbitrary signature bytes, and the function returns `WOLFSSL_SUCCESS` / `X509_V_OK`. The native wolfSSL TLS handshake path (`ProcessPeerCerts`) is not susceptible and the issue is limited to applications using the OpenSSL compatibility API directly, which would include integrations of wolfSSL into nginx and haproxy.
Analysis
Certificate chain validation bypass in wolfSSL's OpenSSL compatibility layer allows authenticated network attackers to forge arbitrary certificates. Attackers possessing any legitimate leaf certificate from a trusted CA can craft fraudulent certificates for any subject name with arbitrary keys, bypassing signature verification when an untrusted CA:FALSE intermediate is inserted. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: inventory all nginx and HAProxy instances using wolfSSL instead of OpenSSL; verify wolfSSL version and OpenSSL compatibility layer status in production via 'strings' or version inspection. Within 7 days: contact wolfSSL (Linuxppc/stm32) for patch timeline and interim guidance; implement network segmentation to restrict certificate-issuing traffic if feasible. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today