PT-2026-1769 · PyPI · Wolfssl-Py
Matan Radomski · Published 2026-01-07 · Updated 2026-01-09
CVE-2025-15346
CVSS v4.0: 9.3 (Critical)
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
wolfssl-py versions up to and including 5.8.2
Description
A flaw exists in the handling of `verify_mode = CERT_REQUIRED` within the wolfssl Python package (wolfssl-py). Because the WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT flag is not set, the library behaves as if CERT_OPTIONAL were configured: a peer certificate is verified when one is presented, but a connection in which no client certificate is presented at all is accepted as authenticated. This is an improper-authentication issue that can allow an attacker to bypass mutual TLS (mTLS) client authentication simply by omitting the client certificate during the TLS handshake.
Recommendations
Versions up to and including 5.8.2 should be updated to a newer version that sets the WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT flag when `verify_mode = CERT_REQUIRED` is used. Until then, server applications that rely on mTLS should verify after the handshake that a client certificate was actually presented and reject the session otherwise.
Fix
Missing Authentication
Improper Authentication
Related Identifiers
Affected Products
Wolfssl-Py