CVE-2026-7511
Analyzed Analyzed - Analysis Complete

PKCS7 Verify Signer Confusion Vulnerability

Vulnerability report for CVE-2026-7511, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-25

Last updated on: 2026-06-27

Assigner: wolfSSL Inc.

Description

PKCS7_verify signer confusion allows forged signatures, where the signer associated with a signature is not correctly bound, permitting a forged signature to be accepted.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-25
Last Modified
2026-06-27
Generated
2026-07-16
AI Q&A
2026-06-26
EPSS Evaluated
2026-07-15
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
wolfssl wolfssl From 3.15.5 (inc) to 5.9.2 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-347 The product does not verify, or incorrectly verifies, the cryptographic signature for data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The vulnerability in PKCS7_verify allows forged signatures due to signer confusion, meaning that a signature can be accepted without correctly binding it to the actual signer. This flaw can undermine the integrity and authenticity of digital signatures.

Since digital signatures are often used to ensure data integrity and non-repudiation in compliance with standards like GDPR and HIPAA, this vulnerability could potentially lead to non-compliance by allowing unauthorized or forged signatures to be accepted.

However, the provided information does not explicitly detail the direct impact on compliance with these regulations.

Mitigation Strategies

To mitigate this vulnerability, you should update your wolfSSL library to include the fixes introduced in the pull request merged on April 24, 2026 (PR #10203). This update addresses signer-identity forgery issues in PKCS#7 verification and includes multiple hardening improvements such as additional length validations and bounds checks.

  • Apply the patch or upgrade to the wolfSSL version that contains the PKCS#7 fixes.
  • Review your use of PKCS#7 verification functions to ensure they are not relying on vulnerable versions.
  • Test your system after updating to confirm that the vulnerability is resolved and no regressions occur.
Executive Summary

This vulnerability involves PKCS7_verify where there is a signer confusion issue. It allows forged signatures to be accepted because the signer associated with a signature is not correctly bound, meaning the system can be tricked into accepting a signature that was not actually created by the claimed signer.

Impact Analysis

The impact of this vulnerability is that an attacker could create forged signatures that appear valid. This could lead to acceptance of unauthorized or malicious data, potentially compromising the integrity and authenticity of signed information.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7511. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart