Signature Validation Bypass in wolfSSL Affecting OpenSSL Integrations
CVE-2026-5501

8.6HIGH

Key Information:

Vendor: Wolfssl
Status: Wolfssl
Vendor: CVE Published:; 10 April 2026

What is CVE-2026-5501?

The wolfSSL library's OpenSSL compatibility layer is vulnerable to a certificate signature validation bypass. This vulnerability occurs when the wolfSSL_X509_verify_cert function accepts a certificate chain where the leaf certificate's signature is not adequately verified. An attacker can exploit this flaw by providing an untrusted intermediate certificate that possesses Basic Constraints set to 'CA:FALSE' and is signed by a trusted root certificate. This allows the attacker to forge a valid certificate for any subject name using any public key, undermining the integrity of secure connections using wolfSSL in applications that rely on the OpenSSL compatibility API, such as nginx and haproxy.

Affected Version(s)

wolfSSL 0 <= 5.9.0

References

https://github.com/wolfSSL/wolfssl/pull/10102

CVSS V4

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 10, 2026
Vulnerability Reserved
Apr 3, 2026

Credit

Calif.io in collaboration with Claude and Anthropic Research

CVE-2026-5501 Data

JSON

Wolfssl

What is CVE-2026-5501?

Affected Version(s)

References

CVSS V4

Timeline

Credit