Weakness in PKCS#12 MAC Verification in wolfSSL Products
CVE-2026-6329
6 MEDIUM
What is CVE-2026-6329?
The PKCS#12 MAC verification flaw is a length-comparison error: an attacker can manipulate the comparison length used during the integrity check, so a mismatched MAC can be wrongly accepted. When the PKCS#12 verify path computes the HMAC locally and compares it to the MAC retrieved from the PKCS#12 file, the number of bytes compared is determined by attacker-controlled input. Truncated or incorrectly specified MACs can therefore be accepted, negating the intended integrity protection.
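The comparison weakness described above, shown beside a hardened check. This is an added illustration, not wolfSSL source code: the `stored_mac` struct, the function names, and the 32-byte digest size are assumptions made for the sketch.

```c
#include <stddef.h>
#include <string.h>

#define DIGEST_LEN 32 /* assumed HMAC output size (SHA-256) for this sketch */

/* Hypothetical view of the MAC field parsed from a PKCS#12 file. */
typedef struct {
    const unsigned char *bytes;
    size_t len; /* length as encoded in the file: attacker-controlled */
} stored_mac;

/* Flawed pattern: the file's own length decides how many bytes are compared.
 * (A length above DIGEST_LEN would additionally over-read `computed`.) */
int mac_ok_flawed(const unsigned char *computed, const stored_mac *m)
{
    return memcmp(computed, m->bytes, m->len) == 0;
}

/* Hardened pattern: the stored length must equal the digest size, then a
 * constant-time comparison runs over the full digest. */
int mac_ok_strict(const unsigned char *computed, const stored_mac *m)
{
    unsigned char diff = 0;
    size_t i;
    if (m->bytes == NULL || m->len != DIGEST_LEN)
        return 0;
    for (i = 0; i < DIGEST_LEN; i++)
        diff |= (unsigned char)(computed[i] ^ m->bytes[i]);
    return diff == 0;
}

/* Constructed sample: a locally computed digest vs. a stored MAC that agrees
 * on only the first `claimed_len` bytes and declares that as its length. */
int check_sample(size_t claimed_len, int strict)
{
    unsigned char computed[DIGEST_LEN], stored[DIGEST_LEN];
    stored_mac m;
    size_t i;
    for (i = 0; i < DIGEST_LEN; i++) {
        computed[i] = (unsigned char)(i + 1);
        stored[i] = (i < claimed_len) ? computed[i] : 0xFF;
    }
    m.bytes = stored;
    m.len = claimed_len;
    return strict ? mac_ok_strict(computed, &m) : mac_ok_flawed(computed, &m);
}
```

With the constructed sample, the flawed check accepts a MAC whose declared length is 1 or 0 bytes, while the strict check accepts only a full-length, fully matching MAC.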
Affected Version(s)
wolfSSL 3.10.0 <= 5.9.1
