Certificate Policy Issues in wolfSSL Affecting SHA-1/MD5 Compliance
CVE-2026-6412

2.3LOW

Key Information:

Vendor: Wolfssl
Status: Wolfssl
Vendor: CVE Published:; 25 June 2026

What is CVE-2026-6412?

This vulnerability highlights significant concerns with the continued acceptance of SHA-1 and MD5 hashing algorithms during certificate processing in wolfSSL. Not adhering to the latest standards outlined in RFC 8446 could expose users to risks associated with cryptographic weaknesses, particularly as these algorithms are increasingly considered insecure. Users are strongly advised to update their wolfSSL implementations to the latest version to mitigate potential security threats related to deprecated certificate handling practices.

Affected Version(s)

wolfSSL 3.9.10 <= 5.9.1

References

https://github.com/wolfSSL/wolfssl/pull/10222

patch

https://www.wolfssl.com/docs/security-vulnerabilities/

CVSS V4

Score:

2.3

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 25, 2026
Vulnerability Reserved
Apr 15, 2026

Credit

Xiangdong Li (Student, Beijing University of Posts and Telecommunications [BUPT])

CVE-2026-6412 Data

JSON

Wolfssl

What is CVE-2026-6412?

Affected Version(s)

References

CVSS V4

Timeline

Credit