Signer Confusion Vulnerability in wolfSSL from wolfSSL
CVE-2026-7511

5.9MEDIUM

Key Information:

Vendor: Wolfssl
Status: Wolfssl
Vendor: CVE Published:; 25 June 2026

What is CVE-2026-7511?

The vulnerability in wolfSSL involves a signer confusion issue related to the PKCS7_verify function, allowing attackers to exploit the mechanism by producing forged signatures. This occurs when the signer associated with a signature is not accurately bound, which can lead to the acceptance of falsified signatures, compromising the integrity of the security protocol.

Affected Version(s)

wolfSSL 3.15.5 <= 5.9.1

References

https://github.com/wolfSSL/wolfssl/pull/10203

patch

https://www.wolfssl.com/docs/security-vulnerabilities/

CVSS V4

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 25, 2026
Vulnerability Reserved
Apr 30, 2026

Credit

Nicholas Carlini from Anthropic

CVE-2026-7511 Data

JSON