PT-2026-26321 · Wolfssl · Wolfssl
Kai Tian
·
Published
2026-03-19
·
Updated
2026-05-01
·
CVE-2026-2645
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
wolfSSL versions prior to 5.8.4
Description
A flaw existed in the TLS 1.2 server state machine implementation where the server could incorrectly accept the CertificateVerify message before the ClientKeyExchange message was received. This issue affects versions prior to 5.8.4. Version 5.8.4 detects the issue later in the handshake, and 5.9.0 further hardens the process to catch the issue earlier.
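The ordering rule behind this flaw, as an added example that is not wolfSSL code: in TLS 1.2 (RFC 5246) the client's CertificateVerify is only valid after its Certificate and ClientKeyExchange, so a server-side check must reject it earlier. The function name, flags and result codes are assumptions of this sketch, and the input is a constructed list of handshake message types as the server received them.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TLS 1.2 handshake message types (RFC 5246, section 7.4). */
enum { HS_CLIENT_HELLO = 1, HS_CERTIFICATE = 11, HS_CERTIFICATE_VERIFY = 15,
       HS_CLIENT_KEY_EXCHANGE = 16, HS_FINISHED = 20 };
/* Result codes and names below are assumptions of this example. */
enum { ORDER_OK = 0, ERR_UNEXPECTED = -1, ERR_DUPLICATE = -2,
       ERR_CV_BEFORE_CKE = -3, ERR_CV_WITHOUT_CERT = -4, ERR_INCOMPLETE = -5 };
/* One flag per accepted client message, in the order the flight must arrive. */
enum { SEEN_HELLO = 1, SEEN_CERT = 2, SEEN_CKE = 4, SEEN_CV = 8, SEEN_FIN = 16 };

/* Check the handshake messages a TLS 1.2 server receives from one client.
 * ChangeCipherSpec is not a handshake message and is not part of the input. */
int check_client_flight(const uint8_t *types, size_t n)
{
    unsigned seen = 0;
    for (size_t i = 0; i < n; i++) {
        unsigned bit, need;
        switch (types[i]) {
        case HS_CLIENT_HELLO:        bit = SEEN_HELLO; need = 0; break;
        case HS_CERTIFICATE:         bit = SEEN_CERT;  need = SEEN_HELLO; break;
        case HS_CLIENT_KEY_EXCHANGE: bit = SEEN_CKE;   need = SEEN_HELLO; break;
        case HS_CERTIFICATE_VERIFY:  bit = SEEN_CV;    need = SEEN_HELLO; break;
        case HS_FINISHED:            bit = SEEN_FIN;   need = SEEN_HELLO | SEEN_CKE; break;
        default: return ERR_UNEXPECTED;
        }
        if (seen & bit) return ERR_DUPLICATE;
        if (types[i] == HS_CERTIFICATE_VERIFY) {
            /* The case from the advisory: CertificateVerify ahead of ClientKeyExchange. */
            if (!(seen & SEEN_CKE))  return ERR_CV_BEFORE_CKE;
            if (!(seen & SEEN_CERT)) return ERR_CV_WITHOUT_CERT;
        }
        /* Reject when a required predecessor is missing or a later message was already accepted. */
        if ((seen & need) != need || (seen & ~(bit | (bit - 1))))
            return ERR_UNEXPECTED;
        seen |= bit;
    }
    return (seen & SEEN_FIN) ? ORDER_OK : ERR_INCOMPLETE;
}

int main(void)
{
    /* Constructed sequence: CertificateVerify arrives before ClientKeyExchange. */
    const uint8_t bad[] = { 1, 11, 15, 16, 20 };
    printf("result: %d\n", check_client_flight(bad, sizeof bad));
    return 0;
}
```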
Recommendations
Update to wolfSSL version 5.8.4 or later.
Fix
Improperly Implemented Security Check for Standard
Weakness Enumeration
Related Identifiers
Affected Products
Wolfssl