CVE-2026-5479
Authentication Bypass in wolfSSL EVP ChaCha20-Poly1305 Decryption
Publication date: 2026-04-10
Last updated on: 2026-04-29
Assigner: wolfSSL Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wolfssl | wolfssl | to 5.9.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-354 | The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in wolfSSL's EVP layer, specifically in the ChaCha20-Poly1305 AEAD decryption path within the function wolfSSL_EVP_CipherFinal and related EVP cipher finalization functions.
The issue is that the decryption process fails to verify the authentication tag before returning the plaintext to the caller. Although the implementation computes or accepts the tag, it does not compare it against the expected value, which means the integrity and authenticity of the decrypted data are not properly checked.
How can this vulnerability impact me? :
Because the authentication tag is not verified during decryption, an attacker could potentially manipulate ciphertext without detection, leading to the acceptance of tampered or forged data as valid plaintext.
This undermines the security guarantees of the ChaCha20-Poly1305 AEAD encryption scheme, potentially allowing unauthorized data modification or injection, which can compromise data integrity and confidentiality.