Skip to main content

wolfSSL CVE-2026-6331

| EUVDEUVD-2026-39565 LOW
Improper Verification of Cryptographic Signature (CWE-347)
2026-06-25 wolfSSL GHSA-5hpf-pc4x-3jcf
2.1
CVSS 4.0 · Vendor: wolfSSL

Severity by source

Vendor (wolfSSL) PRIMARY
2.1 LOW
CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
3.7 LOW

AV:N reflects network-facing JWT and auth service use cases; AC:H captures OPENSSL_EXTRA build prerequisite; no confidentiality or availability impact.

3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
4.0 AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (wolfSSL).

CVSS VectorVendor: wolfSSL

CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Source Code Evidence Fetched
Jun 25, 2026 - 21:52 vuln.today
Analysis Generated
Jun 25, 2026 - 21:52 vuln.today

DescriptionCVE.org

HMAC zero-length tag forgery in EVP_DigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility HMAC verify path the supplied signature length was only checked as not exceeding the MAC length, so a zero-length or otherwise truncated tag could pass verification. The fix requires the supplied tag length to exactly equal the MAC length and rejects a zero-length MAC, so a forged short or empty tag is no longer accepted.

AnalysisAI

HMAC tag forgery in wolfSSL's OpenSSL-compatibility layer allows a zero-length or arbitrarily truncated HMAC tag to pass verification in EVP_DigestVerifyFinal, undermining message authentication for any application relying on this API path. Applications compiled with the OPENSSL_EXTRA flag that use EVP_DigestVerifyFinal for HMAC verification - including JWT validation libraries and message authentication flows - are affected across all currently-known wolfSSL versions. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify wolfSSL OPENSSL_EXTRA deployment
Delivery
Locate HMAC-verified message/token endpoint
Exploit
Craft message with zero-length HMAC tag
Execution
Submit to EVP_DigestVerifyFinal
Persist
Bypass integrity check
Impact
Forge authenticated message

Vulnerability AssessmentAI

Exploitation The target application must be compiled against wolfSSL with the OPENSSL_EXTRA build-time flag explicitly set, and must not have NO_HMAC or NO_SHA256 disabled. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The official CVSS 4.0 vector scores this at 2.1 (Low): AV:L/AC:H/AT:P/PR:N/UI:N with integrity-only impact (VI:L). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker targeting a network-accessible service that uses wolfSSL with OPENSSL_EXTRA for JWT or HMAC-based message authentication submits a crafted token or message with a zero-length or empty HMAC signature field. The vulnerable EVP_DigestVerifyFinal code path accepts the zero-length tag as valid because the length check does not require equality with the full MAC size, causing the application to treat the unauthenticated message as legitimately signed. …
Remediation The upstream fix is available as GitHub PR #10192 at https://github.com/wolfSSL/wolfssl/pull/10192, which enforces strict tag-length equality in EVP_DigestVerifyFinal. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2013-3900 MEDIUM
5.5 Dec 11

Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update

CVE-2026-48558 CRITICAL POC
9.5 Jun 12

Authentication bypass in SimpleHelp 5.5.15 and prior (plus 6.0 pre-release builds) allows remote unauthenticated attacke

CVE-2025-59718 CRITICAL
9.8 Dec 09

Authentication bypass in Fortinet FortiOS, FortiProxy, and FortiSwitchManager allows unauthenticated remote attackers to

CVE-2025-25291 CRITICAL POC
9.3 Mar 12

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Rated critical severity (CVS

CVE-2025-25292 CRITICAL POC
9.3 Mar 12

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Rated critical severity (CVS

CVE-2022-25898 CRITICAL POC
9.8 Jul 01

The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT

CVE-2024-42004 CRITICAL POC
9.8 Dec 18

A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. Rated criti

CVE-2024-41145 CRITICAL POC
9.8 Dec 18

A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.27

CVE-2024-41138 CRITICAL POC
9.8 Dec 18

A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work

CVE-2024-45409 CRITICAL POC
9.8 Sep 10

The Ruby SAML library is for implementing the client side of a SAML authorization. Rated critical severity (CVSS 9.8), t

CVE-2022-35929 CRITICAL POC
9.8 Aug 04

cosign is a container signing and verification utility. Rated critical severity (CVSS 9.8), this vulnerability is remote

CVE-2022-31053 CRITICAL POC
9.8 Jun 13

Biscuit is an authentication and authorization token for microservices architectures. Rated critical severity (CVSS 9.8)

Share

CVE-2026-6331 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy