PT-2026-31793 · Wolfssl · Wolfssl

Published: 2026-04-09 · Updated: 2026-04-10 · CVE-2026-5263

CVSS v4.0: 7.0 (High)

Vector: AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:L/VA:N/SC:H/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

WolfSSL (affected versions not specified)

Description

WolfSSL improperly handles URI name constraints from constrained intermediate Certificate Authorities (CAs) during certificate chain verification. The constraints are parsed but not enforced. As a result, a compromised or malicious sub-CA can issue leaf certificates with URI Subject Alternative Name (SAN) entries that violate the name constraints of the issuing CA, and WolfSSL will accept these certificates as valid.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
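
The enforcement step that the description says is skipped can be sketched as a stand-alone check following RFC 5280 section 4.2.1.10. This is an added example, not wolfSSL code or its fix; `uri_san_allowed` and its helpers are hypothetical names, the constraint lists are assumed to be already decoded to strings, and IP-literal detection is simplified.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Case-insensitive equality (host names compare case-insensitively). */
static int ci_eq(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == *b;
}
/* Copy the host of scheme://[userinfo@]host[:port]... into out; -1 if there
 * is no authority component or the host is an IP literal, not a domain name. */
static int uri_host(const char *uri, char *out, size_t outlen)
{
    const char *p = strchr(uri, ':');
    if (p == NULL || p[1] != '/' || p[2] != '/') return -1;
    p += 3;
    size_t alen = strcspn(p, "/?#");              /* authority length */
    for (size_t i = alen; i-- > 0; )              /* skip userinfo (last '@') */
        if (p[i] == '@') { alen -= i + 1; p += i + 1; break; }
    size_t hlen = 0;
    while (hlen < alen && p[hlen] != ':') hlen++; /* stop at the port */
    if (hlen == 0 || hlen >= outlen || p[0] == '[') return -1;
    if (strspn(p, "0123456789.") >= hlen) return -1;  /* IPv4 literal */
    memcpy(out, p, hlen);
    out[hlen] = '\0';
    return 0;
}
/* ".example.com" matches hosts with one or more extra labels; a constraint
 * without a leading dot matches exactly that host. */
static int host_matches(const char *host, const char *c)
{
    size_t hl = strlen(host), cl = strlen(c);
    if (c[0] == '.') return hl > cl && ci_eq(host + hl - cl, c);
    return ci_eq(host, c);
}
/* Call only when the issuing chain carries URI name constraints.
 * Returns 1 if the URI SAN is acceptable, 0 if the chain must be rejected. */
int uri_san_allowed(const char *uri, const char *const *permitted, size_t np,
                    const char *const *excluded, size_t ne)
{
    char host[256];
    if (uri_host(uri, host, sizeof host) != 0) return 0;
    for (size_t i = 0; i < ne; i++)               /* excluded subtrees win */
        if (host_matches(host, excluded[i])) return 0;
    for (size_t i = 0; i < np; i++)
        if (host_matches(host, permitted[i])) return 1;
    return np == 0;   /* no permitted list: anything not excluded passes */
}
```

A verifier applies this to every URI SAN in the leaf, for each constrained CA above it in the chain, and rejects the chain on the first 0.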

Improper Certificate Validation

Weakness Enumeration

Related Identifiers

CVE-2026-5263

Affected Products

Wolfssl