CVE-2026-55960
Undergoing Analysis Undergoing Analysis - In Progress
Raw Public Key Bypass in wolfSSL

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: wolfSSL Inc.

Description
Un-negotiated Raw Public Key (RFC 7250) accepted in place of an X.509 certificate, bypassing chain validation. A raw public key has no chain, so ParseCertRelative() accepts it without performing any trust verification; it must therefore only be accepted when RPK was actually negotiated for that peer. The check now defaults the expected type to X.509 (per RFC 7250/8446) when no type was negotiated, comparing against the received server certificate type on the client and the selected client certificate type on the server, and rejects any mismatch, including an un-negotiated raw public key, with UNSUPPORTED_CERTIFICATE. Only affects builds with Raw Public Key support (HAVE_RPK) enabled - disabled by default in a standalone build, but included in --enable-all.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-25
Last Modified
2026-06-25
Generated
2026-06-26
AI Q&A
2026-06-25
EPSS Evaluated
N/A
NVD
CVE-2026-55960
EUVD
EUVD-2026-39545
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
wolfssl wolfssl From 3.0.0 (inc)
wolfssl wolfssl 5.9.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-295 The product does not validate, or incorrectly validates, a certificate.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the acceptance of an un-negotiated Raw Public Key (RPK) in place of an X.509 certificate, which bypasses the usual chain validation process. Normally, a raw public key has no certificate chain, so the function ParseCertRelative() accepts it without performing any trust verification. This acceptance should only happen if RPK was explicitly negotiated for that peer. The vulnerability arises because if no certificate type is negotiated, the system defaults to expecting an X.509 certificate, but previously it could accept an un-negotiated raw public key, leading to a security bypass.

The fix enforces that when no certificate type is negotiated, the expected type defaults to X.509 as per RFC 7250 and RFC 8446. Any mismatch, including receiving an un-negotiated raw public key, is rejected with an UNSUPPORTED_CERTIFICATE error. This issue only affects builds of wolfSSL with Raw Public Key support enabled (HAVE_RPK), which is disabled by default in standalone builds but included when using --enable-all.

Impact Analysis

This vulnerability can allow an attacker to bypass the normal certificate chain validation by presenting a raw public key that was not negotiated, potentially leading to acceptance of an untrusted or malicious key. This undermines the trust model of TLS connections, possibly enabling man-in-the-middle attacks or unauthorized access by impersonating a legitimate server or client.

Mitigation Strategies

To mitigate this vulnerability, ensure that your wolfSSL library is updated to version 5.9.2 or later, which includes fixes that enforce stricter validation of negotiated certificate types and reject un-negotiated raw public keys.

Additionally, verify that Raw Public Key (RPK) support (HAVE_RPK) is disabled if not explicitly needed, as it is disabled by default in standalone builds but enabled with the --enable-all option.

Compliance Impact

The vulnerability involves accepting an un-negotiated Raw Public Key (RPK) in place of an X.509 certificate, bypassing chain validation and trust verification. This flaw could potentially allow unauthorized or untrusted entities to be accepted as valid peers, undermining the security guarantees of the TLS communication.

Since standards and regulations like GDPR and HIPAA require strong protection of data in transit, including proper authentication and encryption, this vulnerability could negatively impact compliance by weakening the trust model of TLS connections. Improper certificate validation may lead to exposure of sensitive data or unauthorized access.

However, the fix enforces default acceptance of only X.509 certificates unless RPK was explicitly negotiated, rejecting un-negotiated RPKs. This correction aligns with RFC 7250 and RFC 8446, restoring proper certificate validation and helping maintain compliance with security requirements in common standards.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-55960. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart