Skip to main content

wolfSSL CVE-2026-6412

| EUVDEUVD-2026-39560 LOW
Use of a Broken or Risky Cryptographic Algorithm (CWE-327)
2026-06-25 wolfSSL GHSA-w3gw-f9wr-g6qx
2.3
CVSS 4.0 · Vendor: wolfSSL

Severity by source

Vendor (wolfSSL) PRIMARY
2.3 LOW
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Clear
vuln.today AI
3.1 LOW

Network vector for TLS certificate processing, high complexity due to MitM or chain-influence requirement, low privilege to interact with certificate path; integrity-only low impact.

3.1 AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
4.0 AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (wolfSSL).

CVSS VectorVendor: wolfSSL

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Clear
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Source Code Evidence Fetched
Jun 25, 2026 - 21:20 vuln.today
Analysis Generated
Jun 25, 2026 - 21:20 vuln.today

DescriptionCVE.org

Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing.

AnalysisAI

wolfSSL's certificate chain verification accepted MD5-signed certificates when MD5 was compiled in for any purpose (e.g., TLS 1.0 PRF or HMAC), violating RFC 8446 compliance and the fundamental prohibition on broken hash algorithms in certificate signatures. An attacker with low-level positioning who can influence the certificate chain presented to a wolfSSL-based application could potentially bypass chain integrity checks by presenting an MD5-signed leaf certificate. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify wolfSSL target with MD5 compiled in
Delivery
Obtain or forge MD5-signed leaf certificate
Exploit
Relay forged certificate during TLS handshake
Execution
wolfSSL verify mode accepts MD5 signature
Impact
Certificate chain accepted without proper integrity check

Vulnerability AssessmentAI

Exploitation Exploitation requires all of the following: (1) the target application links against wolfSSL compiled with MD5 support enabled (`NO_MD5` not defined at build time); (2) the attacker can control or influence the certificate chain evaluated by wolfSSL's certificate manager during chain verification; (3) the wolfSSL build does not include the upstream fix from PR #10222. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 2.3 (AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N) is consistent with the limited real-world threat. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker positioned as a network MitM against a wolfSSL-based TLS client - or able to relay traffic through a controlled intermediate - could present an MD5-signed leaf certificate during the TLS handshake. On an unpatched wolfSSL build with MD5 compiled in, the certificate manager would pass the MD5-signed chain through verification, potentially allowing server impersonation. …
Remediation Rebuild wolfSSL using the patched source code from GitHub PR #10222 (https://github.com/wolfSSL/wolfssl/pull/10222), which adds MD5 rejection logic in `HashForSignature()` for certificate verify mode. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2017-13099 HIGH POC
7.5 Dec 13

wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange i

CVE-2017-2800 CRITICAL POC
9.8 May 24

A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL through 3.10.2 resulting

CVE-2015-6925 HIGH POC
7.5 Jan 22

wolfSSL (formerly CyaSSL) before 3.6.8 allows remote attackers to cause a denial of service (resource consumption or tra

CVE-2022-39173 HIGH POC
7.5 Sep 29

In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. Rated high severity (

CVE-2022-38152 HIGH POC
7.5 Aug 31

An issue was discovered in wolfSSL before 5.5.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploita

CVE-2020-11713 HIGH POC
7.5 Apr 12

wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing side-channel attacks. Ra

CVE-2019-18840 HIGH POC
7.5 Nov 09

In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data wh

CVE-2020-15309 HIGH POC
7.0 Aug 21

An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Rated high severity (CVSS 7.0).

CVE-2020-24613 MEDIUM POC
6.8 Aug 24

wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAIT_CERT_CR state, within SanityCheckTls13MsgReceived() in t

CVE-2015-7744 MEDIUM POC
5.9 Jan 22

wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CR

CVE-2022-38153 MEDIUM POC
5.9 Aug 31

An issue was discovered in wolfSSL before 5.5.0 (when --enable-session-ticket is used); however, only version 5.3.0 is e

CVE-2021-37155 CRITICAL
9.8 Jul 21

wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number in an OCSP request di

Share

CVE-2026-6412 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy