Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2026-5501— Improper Certificate Signature Verification in X.509 Chain Validation Allows Forged Leaf Certificates

EPSS 0.02% · P6
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-5501

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Improper Certificate Signature Verification in X.509 Chain Validation Allows Forged Leaf Certificates
Source: NVD (National Vulnerability Database)
Vulnerability Description
wolfSSL_X509_verify_cert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an untrusted intermediate with Basic Constraints `CA:FALSE` that is legitimately signed by a trusted root. An attacker who obtains any leaf certificate from a trusted CA (e.g. a free DV cert from Let's Encrypt) can forge a certificate for any subject name with any public key and arbitrary signature bytes, and the function returns `WOLFSSL_SUCCESS` / `X509_V_OK`. The native wolfSSL TLS handshake path (`ProcessPeerCerts`) is not susceptible and the issue is limited to applications using the OpenSSL compatibility API directly, which would include integrations of wolfSSL into nginx and haproxy.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
证书验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
wolfSSL 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
wolfSSL(CyaSSL)是美国wolfSSL公司的一个针对嵌入式系统开发人员使用的小的、可移植的嵌入式SSL编程库。 wolfSSL存在安全漏洞,该漏洞源于OpenSSL兼容层中的wolfSSL_X509_verify_cert函数在攻击者提供由受信任根合法签名但Basic Constraints为CA:FALSE的不可信中间证书时,不会检查叶子证书的签名,可能导致攻击者伪造任意主题名称和公钥的证书。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
wolfSSLwolfSSL 0 ~ 5.9.0 -

II. Public POCs for CVE-2026-5501

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-5501

登录查看更多情报信息。

Same Patch Batch · wolfSSL · 2026-04-10 · 6 CVEs total

CVE-2026-5479wolfSSL EVP ChaCha20-Poly1305 AEAD authentication tag
CVE-2026-5188Integer underflow in X.509 SAN parsing in wolfSSL
CVE-2026-5466wc_VerifyEccsiHash missing sanity check
CVE-2026-5477Prefix-substitution forgery via integer overflow in wolfCrypt CMAC
CVE-2026-5500Improper Validation of AES-GCM Authentication Tag Length in PKCS#7 Envelope Allows Authent

IV. Related Vulnerabilities

Same product: wolfSSL
Same vendor: wolfSSL
Same weakness: CWE-295

V. Comments for CVE-2026-5501

No comments yet

Leave a comment