CVE-2026-5501
Certificate Forgery via Signature Bypass in wolfSSL OpenSSL API

Publication date: 2026-04-10

Last updated on: 2026-04-27

Assigner: wolfSSL Inc.

Description
wolfSSL_X509_verify_cert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an untrusted intermediate with Basic Constraints `CA:FALSE` that is legitimately signed by a trusted root. An attacker who obtains any leaf certificate from a trusted CA (e.g. a free DV cert from Let's Encrypt) can forge a certificate for any subject name with any public key and arbitrary signature bytes, and the function returns `WOLFSSL_SUCCESS` / `X509_V_OK`. The native wolfSSL TLS handshake path (`ProcessPeerCerts`) is not susceptible and the issue is limited to applications using the OpenSSL compatibility API directly, which would include integrations of wolfSSL into nginx and haproxy.
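
The two path-validation rules this description turns on (only a CA:TRUE certificate may act as an issuer, and every signature in the chain, the leaf's included, must verify under its issuer's key), as an added example that is not wolfSSL code. It is a constructed Python model: HMAC-SHA256 stands in for a real signature, and every name, key and host in it is hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass
class Cert:  # constructed model of a certificate, not an X.509 parser
    subject: str
    issuer: str
    is_ca: bool       # Basic Constraints CA flag
    key: bytes        # stand-in for the subject's key pair
    sig: bytes = b""

def sign(issuer_key: bytes, c: Cert) -> bytes:
    # Assumption: HMAC-SHA256 stands in for a real asymmetric signature.
    tbs = f"{c.subject}|{c.issuer}|{c.is_ca}|".encode() + c.key
    return hmac.new(issuer_key, tbs, hashlib.sha256).digest()

def issue(issuer: Cert, subject: str, is_ca: bool, key: bytes) -> Cert:
    c = Cert(subject, issuer.subject, is_ca, key)
    c.sig = sign(issuer.key, c)
    return c

def validate(chain, trusted):
    """chain[0] is the leaf, untrusted intermediates follow. Returns (ok, reason)."""
    for i, cert in enumerate(chain):
        parent = chain[i + 1] if i + 1 < len(chain) else trusted.get(cert.issuer)
        if parent is None or parent.subject != cert.issuer:
            return False, f"no issuer for {cert.subject}"
        if not parent.is_ca:  # rule 1: only CA:TRUE certificates may issue
            return False, f"{parent.subject} is not a CA"
        if not hmac.compare_digest(sign(parent.key, cert), cert.sig):
            return False, f"bad signature on {cert.subject}"  # rule 2: every link
    return True, "ok"

# Constructed sample data.
root = Cert("Test Root", "Test Root", True, b"root-key")
root.sig = sign(root.key, root)
TRUSTED = {root.subject: root}
issuing_ca = issue(root, "Test Issuing CA", True, b"ca-key")
good_leaf = issue(issuing_ca, "www.example.test", False, b"leaf-key")
# Chain shape from the description: a CA:FALSE certificate validly signed by
# the root, offered as an intermediate above a leaf with arbitrary signature bytes.
dv_cert = issue(root, "dv.example.test", False, b"dv-key")
forged = Cert("victim.example.test", dv_cert.subject, False, b"any-key", b"\x00" * 32)
# Same leaf under a genuine CA: rule 2 alone must still reject it.
unsigned = Cert("victim.example.test", issuing_ca.subject, False, b"any-key", b"\x00" * 32)

def demo():
    chains = ([good_leaf, issuing_ca], [forged, dv_cert], [unsigned, issuing_ca])
    return [validate(c, TRUSTED) for c in chains]
```

The third chain is there to show that the two rules are independent: a validator has to enforce both, and a regression test for an integration should exercise each one separately.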
Meta Information
Published: 2026-04-10
Last Modified: 2026-04-27
Generated: 2026-05-06
AI Q&A: 2026-04-10
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: wolfssl
Product: wolfssl
Version / Range: to 5.9.0 (inc)
CWE
CWE-295: The product does not validate, or incorrectly validates, a certificate.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the wolfSSL OpenSSL compatibility layer, specifically in the function wolfSSL_X509_verify_cert. It allows an attacker to supply a certificate chain where the leaf certificate's signature is not properly checked if the attacker includes an untrusted intermediate certificate marked with Basic Constraints CA:FALSE that is legitimately signed by a trusted root.

An attacker who has obtained any leaf certificate from a trusted Certificate Authority (for example, a free Domain Validation certificate from Let's Encrypt) can exploit this flaw to forge a certificate for any subject name with any public key and arbitrary signature bytes. The verification function incorrectly returns success (WOLFSSL_SUCCESS / X509_V_OK) despite the forged certificate.

This issue only affects applications that use the OpenSSL compatibility API of wolfSSL directly, such as integrations of wolfSSL into nginx and haproxy. The native wolfSSL TLS handshake path is not vulnerable.


How can this vulnerability impact me?

This vulnerability can allow an attacker to forge certificates that appear valid to the affected verification function, potentially enabling man-in-the-middle attacks, impersonation of any subject name, and unauthorized access to encrypted communications.

Because the forged certificates are accepted as valid, attackers could intercept or manipulate TLS traffic in applications using the vulnerable wolfSSL OpenSSL compatibility API, such as nginx or haproxy integrations, compromising confidentiality and integrity.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

This vulnerability allows an attacker to forge certificates that appear valid to applications using the wolfSSL OpenSSL compatibility API, potentially enabling unauthorized access or impersonation.

Such unauthorized access or impersonation could lead to violations of data protection and security requirements mandated by standards like GDPR and HIPAA, which require strong authentication and secure communications.

Therefore, organizations using affected software without mitigation may face increased risk of non-compliance due to weakened certificate validation.

