CVE-2026-55960— OpenSSL 接受未协商的公钥绕过链验证漏洞
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2026-55960 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗ 尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Un-negotiated Raw Public Key (RFC 7250) accepted in place of X.509, bypassing chain validation
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
Un-negotiated Raw Public Key (RFC 7250) accepted in place of an X.509 certificate, bypassing chain validation. A raw public key has no chain, so ParseCertRelative() accepts it without performing any trust verification; it must therefore only be accepted when RPK was actually negotiated for that peer. The check now defaults the expected type to X.509 (per RFC 7250/8446) when no type was negotiated, comparing against the received server certificate type on the client and the selected client certificate type on the server, and rejects any mismatch, including an un-negotiated raw public key, with UNSUPPORTED_CERTIFICATE. Only affects builds with Raw Public Key support (HAVE_RPK) enabled - disabled by default in a standalone build, but included in --enable-all.
来源: 美国国家漏洞数据库 NVD
CVSS Information
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
证书验证不恰当
来源: 美国国家漏洞数据库 NVD
受影响产品
二、漏洞 CVE-2026-55960 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|
AI 生成 POC高级
未找到公开 POC。
登录以生成 AI POC三、漏洞 CVE-2026-55960 的情报信息
请登录查看更多情报信息。
CVE-2026-55960 厂商页面 (1)
CVE-2026-55960 其他参考 (1)
同批安全公告 · wolfSSL · 2026-06-25 · 共 32 条
| CVE-2026-6679 | DTLS 1.3 ACK序列化堆缓冲区溢出漏洞 | |
| CVE-2026-55958 | Renesas TSIP TLS 1.3缓冲区越界写入漏洞 | |
| CVE-2026-55967 | AES-GCM流式API 64GiB累计消息漏洞 | |
| CVE-2026-55961 | wolfSSL wolfssl_PKCS7_verify 签名验证绕过漏洞 | |
| CVE-2026-55962 | TLS 1.3 后握手认证:服务器接受无客户端证书的 Finished | |
| CVE-2026-55964 | 临时CA豁免:中间CA:TRUE无keyCertSign仍被接受为签名CA | |
| CVE-2026-8720 | HMAC-BLAKE2 当密钥长度超过块大小时丢弃消息 | |
| CVE-2026-12340 | SM2/SM3证书主体密钥标识符计算中的堆越界读取漏洞 | |
| CVE-2026-10512 | X25519 x86_64汇编最终归约导致非规范字段元素 | |
| CVE-2026-10097 | ML-KEM-1024 x64 AVX2隐式拒绝失败导致IND-CCA2安全漏洞 | |
| CVE-2026-10098 | wolfSSL wolfSSL_OCSP_resp_find_status OCSP CertID序列号长度混淆漏洞 | |
| CVE-2026-10592 | CA名称约束检查绕过漏洞 | |
| CVE-2026-11310 | wolfSSL X.509验证绕过漏洞 | |
| CVE-2026-11703 | TLS会话恢复缺失SNI/ALPN绑定漏洞 | |
| CVE-2026-11999 | wolfSSL X.509信任链绕过漏洞 | |
| CVE-2026-6329 | PKCS#12 MAC验证使用攻击者控制的比较长度 | |
| CVE-2026-7532 | WolfSSL iPAddress 名称约束未执行漏洞 | |
| CVE-2026-6094 | wc_PKCS7_DecodeEnvelopedData 解析 crafted PKCS7 EnvelopedData 存在堆缓冲区越界读取漏洞 | |
| CVE-2026-6731 | X.509 证书 Subject CN 被当作 DNS 名绕过名称约束 | |
| CVE-2026-6325 | SetSuitesHashSigAlgo 越界写入漏洞 |
显示前 20 条,共 32 条。 查看全部 → →
IV. Related Vulnerabilities
V. Comments for CVE-2026-55960
暂无评论