CVE-2026-5500
Authentication Tag Length Validation Flaw in wolfSSL AES-GCM Enables MITM Attack
Publication date: 2026-04-10
Last updated on: 2026-04-27
Assigner: wolfSSL Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wolfssl | wolfssl | up to and including 5.9.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability is in wolfSSL's wc_PKCS7_DecodeAuthEnvelopedData() function, which decodes PKCS#7 AuthEnvelopedData protected with AES-GCM. The function takes the authentication tag length from the received message and does not enforce a lower bound on it, so an attacker performing a man-in-the-middle attack can truncate the tag from its full 16 bytes down to a single byte and the decoder will still verify only the bytes that remain.
Truncation to one byte raises the probability that a modified or forged ciphertext passes the integrity check from 2⁻¹²⁸ per attempt to 2⁻⁸ (about one in 256), which weakens the integrity protection of the encrypted data.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
Because an attacker can truncate the AES-GCM authentication tag, the integrity check on data protected by wolfSSL's PKCS#7 AuthEnvelopedData decoding is far weaker than the 128-bit tag is meant to provide.
Undetected modification of protected data may conflict with the data-protection and integrity controls that regulations such as GDPR and HIPAA require, so affected deployments in regulated environments should treat the issue as a weakened security control until the fix is applied.
By allowing a man-in-the-middle attacker to weaken authentication tag verification, the vulnerability undermines the integrity assurances expected under these regulations.
How can this vulnerability impact me?
An attacker positioned as a man-in-the-middle can truncate the AES-GCM authentication tag on data that wolfSSL decodes as PKCS#7 AuthEnvelopedData, reducing the cryptographic assurance that the data has not been tampered with in transit.
With a 1-byte tag, a modified message passes verification with probability about 1 in 256 per attempt, so forging or manipulating the protected content without detection becomes practical rather than computationally infeasible.
What immediate steps should I take to mitigate this vulnerability?
To mitigate CVE-2026-5500, upgrade to wolfSSL version 5.9.1 or later, where the issue has been fixed.
The fix validates the AES-GCM authentication tag length during PKCS7 decode, enforces a minimum tag size, and rejects truncated tags.
Applying this update stops a man-in-the-middle attacker from truncating the authentication tag and thereby weakening the integrity check.
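The following added example, which is not wolfSSL's code, models both the flaw described in the explanation above (a decoder that trusts the tag length it receives) and the check the fix introduces (a minimum tag length enforced before verification). The message format is a constructed stand-in for AuthEnvelopedData, and HMAC-SHA256 truncated to the declared length stands in for the AES-GCM tag, since the truncation problem is the same whatever the tag function is; no encryption is modelled. MIN_TAG_LEN, the sample key, nonce and ciphertext, and all function names are assumptions made for the illustration.

```python
# Added illustration for CVE-2026-5500 (not wolfSSL code). HMAC-SHA256 truncated
# to tag_len bytes plays the role of the AES-GCM authentication tag; the wire
# format below is constructed for this example and is not PKCS#7 ASN.1.
import hashlib
import hmac
import struct

FULL_TAG_LEN = 16   # AES-GCM tag is 128 bits
MIN_TAG_LEN = 12    # assumed lower bound for the fixed decoder (illustrative only)

# Constructed sample input (not real captured data).
SAMPLE_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f"
                           "101112131415161718191a1b1c1d1e1f")
SAMPLE_NONCE = bytes(range(12))
SAMPLE_CT = b"\x8d\x1e\x4a\x27\x90\xaf\x03\x51\x6b\xc4\x0e\x72\x99\x33\xd8\x41"


def compute_tag(key, nonce, ct, tag_len):
    """Tag stand-in: HMAC-SHA256 over nonce||ct, truncated to tag_len bytes."""
    return hmac.new(key, nonce + ct, hashlib.sha256).digest()[:tag_len]


def encode(nonce, ct, tag):
    """Constructed wire format: nonce(12) | ct_len(4) | ct | tag_len(1) | tag."""
    return nonce + struct.pack(">I", len(ct)) + ct + bytes([len(tag)]) + tag


def parse(blob):
    """Split the blob; tag_len is read from the (attacker-controllable) message."""
    nonce = blob[:12]
    (ct_len,) = struct.unpack(">I", blob[12:16])
    if len(blob) < 17 + ct_len:
        raise ValueError("message shorter than declared")
    ct = blob[16:16 + ct_len]
    tag_len = blob[16 + ct_len]
    tag = blob[17 + ct_len:17 + ct_len + tag_len]
    if len(tag) != tag_len:
        raise ValueError("message shorter than declared")
    return nonce, ct, tag


def decode_vulnerable(key, blob):
    """Flawed pattern: only an upper bound on the tag length is checked, so a
    1-byte tag is verified as if it were a full one."""
    nonce, ct, tag = parse(blob)
    if not 1 <= len(tag) <= FULL_TAG_LEN:
        raise ValueError("bad tag length")
    if not hmac.compare_digest(tag, compute_tag(key, nonce, ct, len(tag))):
        raise ValueError("authentication failed")
    return ct


def decode_fixed(key, blob, min_tag_len=MIN_TAG_LEN):
    """Hardened pattern: reject any tag shorter than the configured minimum
    before attempting verification."""
    nonce, ct, tag = parse(blob)
    if not min_tag_len <= len(tag) <= FULL_TAG_LEN:
        raise ValueError(f"tag length {len(tag)} outside [{min_tag_len}, {FULL_TAG_LEN}]")
    if not hmac.compare_digest(tag, compute_tag(key, nonce, ct, len(tag))):
        raise ValueError("authentication failed")
    return ct


def make_sample_blob():
    """Genuine message with a full 16-byte tag, as the sender would emit it."""
    tag = compute_tag(SAMPLE_KEY, SAMPLE_NONCE, SAMPLE_CT, FULL_TAG_LEN)
    return encode(SAMPLE_NONCE, SAMPLE_CT, tag)


def mitm_truncate(blob, new_len):
    """Man-in-the-middle step: keep the first new_len bytes of the genuine tag
    and rewrite the declared length. No key is needed for this."""
    nonce, ct, tag = parse(blob)
    return encode(nonce, ct, tag[:new_len])


def forge(decode_fn, key, blob):
    """Attacker: flip a ciphertext byte, then use the receiver as an oracle to
    brute-force a 1-byte tag. The key is passed only because the receiver runs
    in-process here; the attacker never uses it. Returns the number of attempts
    until a forgery is accepted, or None if every guess was rejected."""
    nonce, ct, _ = parse(blob)
    tampered = bytes([ct[0] ^ 0x01]) + ct[1:]
    for guess in range(256):
        try:
            decode_fn(key, encode(nonce, tampered, bytes([guess])))
            return guess + 1
        except ValueError:
            pass
    return None


def rejects(decode_fn, key, blob):
    """True if the decoder refuses the message."""
    try:
        decode_fn(key, blob)
    except ValueError:
        return True
    return False
```

Against decode_vulnerable the truncated genuine message is still accepted and the forgery loop succeeds within 256 attempts, which is the 2⁻⁸ figure from the explanation turned into an online attack; against decode_fixed the same messages are rejected on length before any tag comparison takes place. The value of the minimum is a policy choice; what matters is that it is enforced by the decoder rather than read from the message.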