CVE-2026-5500
Received Received - Intake
Authentication Tag Length Validation Flaw in wolfSSL AES-GCM Enables MITM Attack

Publication date: 2026-04-10

Last updated on: 2026-04-27

Assigner: wolfSSL Inc.

Description
wolfSSL's wc_PKCS7_DecodeAuthEnvelopedData() does not properly sanitize the AES-GCM authentication tag length received and has no lower bounds check. A man-in-the-middle can therefore truncate the mac field from 16 bytes to 1 byte, reducing the tag check from 2⁻¹²⁸ to 2⁻⁸.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-10
Last Modified
2026-04-27
Generated
2026-06-16
AI Q&A
2026-04-10
EPSS Evaluated
2026-06-15
NVD
CVE-2026-5500
EUVD
EUVD-2026-21293
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wolfssl wolfssl to 5.9.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability in wolfSSL's wc_PKCS7_DecodeAuthEnvelopedData() function involves improper sanitization of the AES-GCM authentication tag length. Specifically, the function does not enforce a lower bound on the tag length received, allowing an attacker performing a man-in-the-middle attack to truncate the authentication tag from its full 16 bytes down to just 1 byte.

This truncation drastically reduces the strength of the authentication check from 2⁻¹²⁸ to 2⁻⁸, weakening the integrity protection of the encrypted data.

Impact Analysis

This vulnerability can allow an attacker positioned as a man-in-the-middle to weaken the authentication of encrypted data by truncating the AES-GCM authentication tag. This reduces the cryptographic assurance that the data has not been tampered with.

As a result, the attacker could potentially bypass integrity checks, increasing the risk of data forgery or manipulation without detection.

Mitigation Strategies

To mitigate the vulnerability CVE-2026-5500 in wolfSSL, you should upgrade to wolfSSL version 5.9.1 or later, where the issue has been fixed.

The fix includes validating the AES-GCM authentication tag length, enforcing a minimum tag size, and rejecting truncated tags during PKCS7 decode to prevent tag truncation attacks.

Applying this update will prevent man-in-the-middle attackers from truncating the authentication tag and weakening the integrity check.

Compliance Impact

The vulnerability in wolfSSL's AES-GCM authentication tag handling weakens the integrity check by allowing an attacker to truncate the authentication tag, significantly reducing its security strength.

This weakening of cryptographic integrity can lead to potential unauthorized data modification or interception, which may impact compliance with security requirements in common standards and regulations such as GDPR and HIPAA that mandate strong data protection and integrity controls.

By allowing man-in-the-middle attacks to bypass proper authentication tag verification, the vulnerability undermines the confidentiality and integrity assurances expected under these regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5500. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart