CVE-2026-55962
Received Received - Intake
TLS 1.3 Post-Handshake Authentication Bypass in wolfSSL

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: wolfSSL Inc.

Description
TLS 1.3 post-handshake authentication (PHA) issue where a server could accept a client's Finished message without the client having sent a Certificate and CertificateVerify. The post-handshake-auth exemption that allows an empty/absent peer certificate was only intended for the initial handshake, but it was also being applied while a post-handshake CertificateRequest was still outstanding. The check is now scoped to the initial handshake only: on the server, once a post-handshake CertificateRequest has been sent (certReqCtx is set), a peer certificate and a valid CertificateVerify are required again before the Finished is accepted, with empty-certificate handling following the configured verify mode (FAIL_IF_NO_PEER_CERT) just as during first-handshake client authentication. Only affects TLS 1.3 servers built with post-handshake authentication support (WOLFSSL_POST_HANDSHAKE_AUTH / --enable-postauth, included in --enable-all) that enable WOLFSSL_VERIFY_POST_HANDSHAKE and request a client certificate after the handshake via wolfSSL_request_certificate(). Clients, and servers that do not use post-handshake authentication, are unaffected.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-25
Last Modified
2026-06-25
Generated
2026-06-26
AI Q&A
2026-06-26
EPSS Evaluated
N/A
NVD
CVE-2026-55962
EUVD
EUVD-2026-39575
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wolfssl wolfssl From 1.3.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves TLS 1.3 post-handshake authentication (PHA) where a server could incorrectly accept a client's Finished message without the client having sent a Certificate and CertificateVerify messages. The issue arises because the exemption that allows an empty or absent peer certificate was intended only for the initial handshake, but it was mistakenly applied during a post-handshake CertificateRequest as well.

The fix scopes this exemption to the initial handshake only. After a post-handshake CertificateRequest has been sent, the server requires a peer certificate and a valid CertificateVerify before accepting the Finished message. This vulnerability only affects TLS 1.3 servers built with post-handshake authentication support that enable specific verification modes and request client certificates after the handshake.

Impact Analysis

This vulnerability could allow a client to bypass proper client certificate verification during post-handshake authentication, potentially enabling unauthorized access or impersonation. Since the server might accept a Finished message without verifying the client's certificate, it could undermine the authentication process and reduce the security guarantees of TLS 1.3 connections.

Mitigation Strategies

To mitigate this vulnerability, ensure that your TLS 1.3 server is not built with post-handshake authentication support enabled unless necessary.

Specifically, avoid enabling WOLFSSL_POST_HANDSHAKE_AUTH or the --enable-postauth option, and do not enable WOLFSSL_VERIFY_POST_HANDSHAKE if you request client certificates after the handshake.

If post-handshake authentication is required, ensure that the server enforces that a peer certificate and a valid CertificateVerify message are received before accepting the client's Finished message during post-handshake authentication.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-55962. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart