Matan Radomski

#27630 of 53,633
9.3 total CVSS
Vulnerabilities · 1
PT-2026-1769
9.3
2026-01-07
Pypi · Wolfssl-Py · CVE-2025-15346
**Name of the Vulnerable Software and Affected Versions**

wolfssl-py versions up to and including 5.8.2

**Description**

A flaw exists in the handling of `verify_mode = CERT_REQUIRED` within the wolfssl Python package (wolfssl-py). The absence of the `WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT` flag causes the software to behave as if `CERT_OPTIONAL` is enabled, meaning a peer certificate is verified if presented, but connections are incorrectly authenticated when no client certificate is provided. This results in improper authentication, potentially allowing attackers to bypass mutual TLS (mTLS) client authentication by omitting a client certificate during the TLS handshake.

**Recommendations**

Versions up to and including 5.8.2 should be updated to a newer version that includes the `WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT` flag when `verify_mode = CERT_REQUIRED` is used.
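
The following added example is a simplified model of the behaviour described above, not code from wolfssl-py or from this advisory. It compares the server-side accept decision when `CERT_REQUIRED` maps to the peer-verify flag alone with the decision when `WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT` is also set. The names `VerifyFlag`, `VerifyMode`, `flags_for`, `server_accepts` and `regressions` are hypothetical, the certificate labels are constructed, and the flag bit values are assumed to match wolfSSL's `ssl.h`.

```python
from enum import IntEnum, IntFlag
from itertools import product


class VerifyFlag(IntFlag):
    """wolfSSL verify flag bits (values assumed to match wolfSSL's ssl.h)."""
    NONE = 0
    PEER = 1
    FAIL_IF_NO_PEER_CERT = 2


class VerifyMode(IntEnum):
    """Python-side verify modes named in the advisory."""
    CERT_NONE = 0
    CERT_OPTIONAL = 1
    CERT_REQUIRED = 2


def flags_for(mode, fixed):
    """Translate a verify mode into the flag mask handed to wolfSSL (modelled)."""
    if mode is VerifyMode.CERT_NONE:
        return VerifyFlag.NONE
    if mode is VerifyMode.CERT_REQUIRED and fixed:
        return VerifyFlag.PEER | VerifyFlag.FAIL_IF_NO_PEER_CERT
    # CERT_OPTIONAL, and CERT_REQUIRED in the affected mapping, get PEER only.
    return VerifyFlag.PEER


def server_accepts(flags, client_cert):
    """client_cert: None (none sent), "valid" or "invalid" (constructed labels)."""
    if not flags & VerifyFlag.PEER:
        return True                      # no client authentication requested
    if client_cert is None:
        return not flags & VerifyFlag.FAIL_IF_NO_PEER_CERT
    return client_cert == "valid"        # a presented certificate is always checked


def regressions():
    """Cases the affected mapping accepts but the corrected mapping rejects."""
    found = []
    for mode, cert in product(VerifyMode, (None, "valid", "invalid")):
        if server_accepts(flags_for(mode, False), cert) and \
                not server_accepts(flags_for(mode, True), cert):
            found.append((mode.name, cert))
    return found


if __name__ == "__main__":
    print(regressions())
```

The only case that differs is the one the advisory names, so a post-upgrade regression test for an mTLS service should assert that a handshake without a client certificate is rejected, not just that an invalid certificate is.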