Improperly Configured Intermediate CA in WolfSSL
CVE-2026-55964

6.3MEDIUM

Key Information:

Vendor: Wolfssl
Status: Wolfssl
Vendor: CVE Published:; 25 June 2026

What is CVE-2026-55964?

An improper configuration allows intermediate CA certificates to assert keyCertSign capabilities without actually having the necessary key usage due to exemptions previously applied to temporary CAs. This opens a potential path for misuse in certificate signing processes. The new enforcement now applies universally, ensuring stricter validation for chain-supplied temporary CAs while maintaining exemptions for operator-loaded root certificates and self-signed roots. This improves compliance with RFC 5280 and enhances the security profile of connecting applications.

Affected Version(s)

wolfSSL 5.7.4 <= 5.9.1

References

https://github.com/wolfSSL/wolfssl/pull/10702

patch

https://www.wolfssl.com/docs/security-vulnerabilities/

CVSS V4

Score:

6.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 25, 2026
Vulnerability Reserved
Jun 17, 2026

Credit

NVIDIA Project Vanessa

CVE-2026-55964 Data

JSON

Wolfssl

What is CVE-2026-55964?

Affected Version(s)

References

CVSS V4

Timeline

Credit