CVE-2026-11310— X.509 trust-chain bypass in wolfSSL_X509_verify_cert() via untrusted intermediate anchoring
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-11310
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
X.509 trust-chain bypass in wolfSSL_X509_verify_cert() via untrusted intermediate anchoring
Source: NVD (National Vulnerability Database)
Vulnerability Description
X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier (wolfSSL_X509_verify_cert()). This affects only builds with --enable-opensslextra (OPENSSL_EXTRA) and whose application validates certificates by calling X509_verify_cert() with caller-supplied untrusted intermediate certificates; for those users it is critical, otherwise the library is unaffected. In particular, native wolfSSL TLS/DTLS usage is not impacted. wolfSSL's X509_verify_cert() temporarily loads each caller-supplied untrusted intermediate into the certificate manager but failed to drop them before the trusted-store check, so an untrusted intermediate could anchor the path itself. An attacker can present a chain that never reaches a configured trust anchor and have it accepted, resulting in acceptance of an attacker-controlled certificate. This is certificate verification independent of TLS (e.g. S/MIME/CMS, code/firmware signing, JWT/JWS x5c), is not specific to any key type or algorithm, and a single untrusted intermediate suffices. The default wolfSSL TLS handshake (WOLFSSL_VERIFY_PEER) is not affected; only TLS applications doing manual or deferred peer verification through this API are, which also requires --enable-sessioncerts.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
证书验证不恰当
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-11310
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-11310
请登录查看更多情报信息。
Vendor Pages for CVE-2026-11310 (1)
Other References for CVE-2026-11310 (1)
Same Patch Batch · wolfSSL · 2026-06-25 · 32 CVEs total
| CVE-2026-6679 | DTLS 1.3 ACK serialization heap buffer overflow via integer truncation | |
| CVE-2026-55958 | Renesas TSIP TLS 1.3 transcript buffer out-of-bounds write in tsip_StoreMessage | |
| CVE-2026-55960 | Un-negotiated Raw Public Key (RFC 7250) accepted in place of X.509, bypassing chain valida | |
| CVE-2026-55967 | AES-GCM streaming APIs do not reject >64 GiB cumulative single messages, enabling counter | |
| CVE-2026-55961 | wolfSSL_PKCS7_verify() reports success for degenerate (certs-only) PKCS#7 with no signer | |
| CVE-2026-55962 | TLS 1.3 post-handshake authentication: server accepts Finished without client Certificate/ | |
| CVE-2026-55964 | Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA (temporary CA exem | |
| CVE-2026-8720 | HMAC-BLAKE2 final discards message when key length exceeds block size | |
| CVE-2026-12340 | Out-of-bounds heap read in SM2/SM3 certificate Subject Key Identifier computation | |
| CVE-2026-10512 | X25519 x86_64 assembly final reduction leaves non-canonical field element | |
| CVE-2026-10097 | ML-KEM-1024 x64 AVX2 incomplete cipher text comparison enables IND-CCA2 break and static p | |
| CVE-2026-10098 | OCSP CertID serial-number length-confusion in wolfSSL_OCSP_resp_find_status | |
| CVE-2026-10592 | Wildcard DNS SAN bypasses CA name-constraint checks | |
| CVE-2026-11703 | Missing SNI/ALPN binding on stateful (session-ID) TLS session resumption | |
| CVE-2026-11999 | X.509 trust-chain bypass via path-depth exhaustion in wolfSSL_X509_verify_cert() | |
| CVE-2026-6329 | PKCS#12 MAC verification uses attacker-controlled comparison length | |
| CVE-2026-7532 | iPAddress name constraints not enforced when WOLFSSL_IP_ALT_NAME is undefined | |
| CVE-2026-6094 | Heap buffer overread in wc_PKCS7_DecodeEnvelopedData parsing crafted PKCS7 EnvelopedData | |
| CVE-2026-6731 | X.509 name constraint bypass via Subject CN treated as a DNS name | |
| CVE-2026-6325 | Out-of-bounds write in SetSuitesHashSigAlgo on oversized signature algorithms list |
Showing top 20 of 32 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: wolfSSL
- CVE-2026-7511
PKCS7_verify signer confusion allows forged signatures to be - CVE-2026-7532
iPAddress name constraints not enforced when WOLFSSL_IP_ALT_ - CVE-2026-8720
HMAC-BLAKE2 final discards message when key length exceeds b - CVE-2026-10098
OCSP CertID serial-number length-confusion in wolfSSL_OCSP_r - CVE-2026-11703
Missing SNI/ALPN binding on stateful (session-ID) TLS sessio
Same vendor: wolfSSL
- CVE-2026-7511
PKCS7_verify signer confusion allows forged signatures to be - CVE-2026-7532
iPAddress name constraints not enforced when WOLFSSL_IP_ALT_ - CVE-2026-8720
HMAC-BLAKE2 final discards message when key length exceeds b - CVE-2026-10098
OCSP CertID serial-number length-confusion in wolfSSL_OCSP_r - CVE-2026-11703
Missing SNI/ALPN binding on stateful (session-ID) TLS sessio
Same weakness: CWE-295
- CVE-2026-7532
iPAddress name constraints not enforced when WOLFSSL_IP_ALT_ - CVE-2026-10098
OCSP CertID serial-number length-confusion in wolfSSL_OCSP_r - CVE-2026-6450
CRL critical extension bypass in ParseCRL_Extensions - CVE-2026-6731
X.509 name constraint bypass via Subject CN treated as a DNS - CVE-2026-10592
Wildcard DNS SAN bypasses CA name-constraint checks
V. Comments for CVE-2026-11310
No comments yet