CVE-2026-6092
Analyzed Analyzed - Analysis Complete

Encrypt-then-MAC Bypass in wolfSSL

Vulnerability report for CVE-2026-6092, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-25

Last updated on: 2026-06-27

Assigner: wolfSSL Inc.

Description

When HAVE_ENCRYPT_THEN_MAC is configured, the implementation could fall back to MAC-then-Encrypt rather than enforcing Encrypt-then-MAC.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-25
Last Modified
2026-06-27
Generated
2026-07-16
AI Q&A
2026-06-26
EPSS Evaluated
2026-07-15
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
wolfssl wolfssl From 5.2.0 (inc) to 5.9.2 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-757 A protocol or its implementation supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of CVE-2026-6092 on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

This vulnerability occurs when the HAVE_ENCRYPT_THEN_MAC configuration is enabled. Instead of enforcing the Encrypt-then-MAC approach, the implementation could incorrectly fall back to using MAC-then-Encrypt.

Impact Analysis

The fallback from Encrypt-then-MAC to MAC-then-Encrypt can weaken the security guarantees of the cryptographic process, potentially exposing encrypted data to certain types of cryptographic attacks that Encrypt-then-MAC is designed to prevent.

Detection Guidance

This vulnerability relates to the wolfSSL library's handling of TLS 1.2 encrypt-then-MAC (ETM) negotiation, specifically when a session resumption attempt fails and ETM is incorrectly disabled.

Detection would involve verifying whether the wolfSSL library in use is affected by this bug, particularly by checking if ETM is disabled during failed session resumption attempts.

Since the issue is internal to the wolfSSL library's TLS handshake logic, direct network detection commands are not explicitly provided.

However, you can monitor TLS handshake behavior and session resumption attempts using network analysis tools like Wireshark to check if ETM is being enforced properly.

Additionally, reviewing the wolfSSL version and patch level on your systems is critical. Commands to check the wolfSSL version or library build info on your system may help identify if the vulnerable version is in use.

Mitigation Strategies

The immediate mitigation step is to update the wolfSSL library to a version that includes the fix for CVE-2026-6092.

The fix was merged on April 9, 2026, and involves changes to the TLS handshake logic to ensure ETM remains enabled even when session resumption data is missing.

Applying this update will prevent the fallback to MAC-then-Encrypt and enforce the correct Encrypt-then-MAC behavior.

Until the update can be applied, consider disabling session resumption features if feasible, to avoid triggering the fallback condition.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6092. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart