PT-2026-31865 · Openssl+2
Published 2026-04-10 · Updated 2026-04-11
CVE-2026-5501
CVSS v4.0 8.6 (High)
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
wolfSSL versions prior to 5.9.1
Description
The wolfSSL_X509_verify_cert function (the X509_verify_cert implementation in wolfSSL's OpenSSL compatibility layer) does not properly verify the signature on the leaf certificate when the presented chain contains an untrusted intermediate certificate that carries Basic Constraints CA:FALSE but is itself signed by a trusted root. An attacker holding an ordinary end-entity certificate from a trusted Certificate Authority (CA), such as Let's Encrypt, can therefore sign a certificate for any subject name and public key with that certificate's key, and the library accepts the forged leaf as chaining to the trusted root. A correct verifier must do both of the things this path skips: check the leaf's signature against the intermediate's key, and refuse to accept any certificate without CA:TRUE as an issuer (RFC 5280, section 4.2.1.9).
Recommendations
Update to version 5.9.1 or later.
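The failure the description sketches, as an added example that is not part of this advisory and not wolfSSL's code. It is written in Go because Go's standard library can build and check X.509 certificates offline in a self-contained file, which the wolfSSL compatibility layer cannot do in a short snippet. All certificates and names (Trusted Root, attacker.example, victim.example, legit.example) are constructed here with fresh keys on every run; vulnerableVerify is a simplified model of the described behaviour, not the vulnerable function, and fixedVerify shows the two checks a correct path walk must perform.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// must panics on error; acceptable for a self-contained demo on constructed data.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

var serial int64 // distinct serial number for every constructed certificate

// makeCert issues a certificate for cn. With parent == nil it is self-signed (a
// root); otherwise it is signed with parentKey, the key behind parent. Nothing
// stops the caller from signing with a CA:FALSE parent, which is exactly what
// the attacker does with their ordinary end-entity certificate.
func makeCert(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	serial++
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, // Basic Constraints extension is present ...
		IsCA:                  isCA, // ... carrying CA:TRUE or CA:FALSE
	}
	signer, signerKey := parent, parentKey
	if parent == nil {
		signer, signerKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey))
	return must(x509.ParseCertificate(der)), key
}

// pki is the constructed test hierarchy: a trusted root, a genuine intermediate
// and leaf, the attacker's ordinary CA:FALSE certificate issued by the root, and
// the certificate the attacker forged with that certificate's key.
type pki struct {
	root, goodInter, goodLeaf, attacker, forged *x509.Certificate
}

func buildPKI() pki {
	root, rootKey := makeCert("Trusted Root", true, nil, nil)
	inter, interKey := makeCert("Trusted Intermediate", true, root, rootKey)
	goodLeaf, _ := makeCert("legit.example", false, inter, interKey)
	attacker, attackerKey := makeCert("attacker.example", false, root, rootKey) // CA:FALSE, like any Let's Encrypt leaf
	forged, _ := makeCert("victim.example", false, attacker, attackerKey)      // any subject, any key, signed by a non-CA
	return pki{root, inter, goodLeaf, attacker, forged}
}

// sigOK is the bare cryptographic question: was child's TBS signed by issuer's key?
func sigOK(child, issuer *x509.Certificate) bool {
	return issuer.CheckSignature(child.SignatureAlgorithm, child.RawTBSCertificate, child.Signature) == nil
}

// vulnerableVerify is a simplified model of the behaviour the advisory
// describes, not wolfSSL's code: it confirms the untrusted intermediate was
// issued by a trusted root and, because that succeeds, reports success without
// ever verifying the leaf's signature or the intermediate's CA bit.
func vulnerableVerify(leaf, intermediate, root *x509.Certificate) error {
	if !sigOK(intermediate, root) {
		return fmt.Errorf("intermediate not issued by a trusted root")
	}
	return nil // leaf never examined
}

// fixedVerify walks leaf -> intermediate -> root and at every hop requires a
// valid signature from an issuer whose Basic Constraints say CA:TRUE.
// CheckSignatureFrom enforces both (RFC 5280 section 4.2.1.9), so a CA:FALSE
// certificate can never vouch for another certificate.
func fixedVerify(leaf, intermediate, root *x509.Certificate) error {
	if err := leaf.CheckSignatureFrom(intermediate); err != nil {
		return fmt.Errorf("leaf: %w", err)
	}
	if err := intermediate.CheckSignatureFrom(root); err != nil {
		return fmt.Errorf("intermediate: %w", err)
	}
	return nil
}

func main() {
	p := buildPKI()
	fmt.Println("forged chain, vulnerable model:", vulnerableVerify(p.forged, p.attacker, p.root))
	fmt.Println("forged chain, fixed verifier:  ", fixedVerify(p.forged, p.attacker, p.root))
	fmt.Println("genuine chain, fixed verifier: ", fixedVerify(p.goodLeaf, p.goodInter, p.root))
}
```

Run with go run: the model reports nil for the forged chain, the fixed walker rejects it with Go's ConstraintViolationError (the error CheckSignatureFrom returns when the issuer is not a CA), and the genuine chain still passes. The point worth carrying into any verifier, wolfSSL's compatibility layer included, is that the leaf signature and the issuer's CA:TRUE constraint are two separate checks and skipping either one is enough for a Let's Encrypt-style leaf to act as an intermediate.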
Weakness Enumeration
Improper Certificate Validation (CWE-295)
Related Identifiers
CVE-2026-5501
Affected Products
Let's Encrypt
Openssl
Wolfssl