CVE-2026-11703
Analyzed Analyzed - Analysis Complete

TLS Session Resumption SNI/ALPN Binding Bypass

Vulnerability report for CVE-2026-11703, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-25

Last updated on: 2026-06-27

Assigner: wolfSSL Inc.

Description

Missing SNI/ALPN binding on stateful (session-ID) resumption, which previously skipped the binding check performed for ticket-based resumption. A cached session could be resumed under a different SNI/ALPN than originally negotiated and, where client-authentication policy differs across virtual hosts, carry the cached peer-authentication state into a context it was not established for. Resumption now verifies the SNI/ALPN binding for all paths and declines (falling back to a full handshake) on mismatch.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-25
Last Modified
2026-06-27
Generated
2026-07-16
AI Q&A
2026-06-26
EPSS Evaluated
2026-07-15
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
wolfssl wolfssl From 3.15.0 (inc) to 5.9.2 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The provided information does not specify how CVE-2026-11703 affects compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

This vulnerability involves missing SNI/ALPN binding checks during TLS session resumption, which can be detected by verifying if TLS session resumptions properly validate SNI and ALPN values.

To detect this on your system, you can monitor TLS session resumptions and check if sessions are resumed with mismatched SNI or ALPN values compared to the original handshake.

While no specific commands are provided in the resources, you can use network analysis tools like Wireshark or tshark to capture TLS handshakes and resumptions, then inspect the SNI and ALPN fields for inconsistencies.

Additionally, reviewing wolfSSL library versions and patches applied can help confirm if the fix for this vulnerability (pull request #10489) is present.

Mitigation Strategies

The immediate mitigation step is to update the wolfSSL library to a version that includes the fix for CVE-2026-11703.

The fix ensures that during TLS session resumption, SNI and ALPN values are properly validated, preventing resumption under mismatched contexts.

Applying the patch from pull request #10489 or upgrading to a version of wolfSSL that contains this patch will mitigate the vulnerability.

Executive Summary

This vulnerability involves a missing Server Name Indication (SNI) and Application-Layer Protocol Negotiation (ALPN) binding during stateful (session-ID) resumption in TLS connections. Previously, the binding check was only performed for ticket-based resumption, allowing a cached session to be resumed under a different SNI or ALPN than originally negotiated.

As a result, if client-authentication policies differ across virtual hosts, the cached peer-authentication state could be carried into a context it was not intended for. The fix ensures that resumption verifies the SNI/ALPN binding for all resumption paths and declines resumption (falling back to a full handshake) if there is a mismatch.

Impact Analysis

This vulnerability can allow a cached TLS session to be resumed under a different server name or protocol than originally negotiated. If client-authentication policies vary between virtual hosts, this could lead to unauthorized reuse of authentication states in unintended contexts.

Such behavior might enable attackers to bypass certain authentication restrictions or gain access to resources by exploiting the incorrect session resumption, potentially compromising the security of communications.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-11703. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart