Description
`wolfSSL_X509_verify_cert` in the OpenSSL compatibility layer accepts a certificate chain without checking the leaf's signature when the attacker supplies an untrusted intermediate with Basic Constraints `CA:FALSE` that is legitimately signed by a trusted root. An attacker who holds any leaf certificate from a trusted CA (e.g. a free DV certificate from Let's Encrypt) can therefore forge a certificate for any subject name with any public key and arbitrary signature bytes, and the function still returns `WOLFSSL_SUCCESS` / `X509_V_OK`. The native wolfSSL TLS handshake path (`ProcessPeerCerts`) is not affected; the issue is limited to applications that call the OpenSSL compatibility API directly, which includes the nginx and haproxy integrations of wolfSSL.
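The chain shape described above, rebuilt with the OpenSSL CLI so that a verifier can be checked against it (added example, not code from the advisory or from wolfSSL; all names, keys and file names are constructed for the demo): a trusted root, a legitimate `CA:FALSE` end-entity certificate issued by that root, and a certificate for another name that claims the `CA:FALSE` certificate as its issuer. A correct path validator must reject the last one because every non-leaf certificate on the path has to carry `CA:TRUE`.

```shell
#!/bin/sh
# Added example (not from the advisory or wolfSSL): rebuilds the chain shape
# described above with the OpenSSL CLI and checks that a correct verifier
# rejects it. All names, keys and files below are constructed for the demo.
set -e
WORK=$(mktemp -d)
cd "$WORK"

# The root is a CA; the two end-entity certificates are explicitly not.
printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
printf 'basicConstraints=critical,CA:FALSE\n' > ee.ext

# Trusted root: self-signed, CA:TRUE.
openssl ecparam -name prime256v1 -genkey -noout -out root.key
openssl req -new -key root.key -subj "/CN=Demo Root" -out root.csr 2>/dev/null
openssl x509 -req -in root.csr -signkey root.key -days 1 -extfile ca.ext \
    -out root.pem 2>/dev/null

# Legitimate end-entity certificate issued by the root (CA:FALSE), playing the
# role of the "untrusted intermediate" from the description.
openssl ecparam -name prime256v1 -genkey -noout -out ee.key
openssl req -new -key ee.key -subj "/CN=holder.example" -out ee.csr 2>/dev/null
openssl x509 -req -in ee.csr -CA root.pem -CAkey root.key -CAcreateserial \
    -days 1 -extfile ee.ext -out ee.pem 2>/dev/null

# Certificate for a different name that names the CA:FALSE cert as its issuer.
openssl ecparam -name prime256v1 -genkey -noout -out other.key
openssl req -new -key other.key -subj "/CN=other.example" -out other.csr 2>/dev/null
openssl x509 -req -in other.csr -CA ee.pem -CAkey ee.key -CAcreateserial \
    -days 1 -extfile ee.ext -out other.pem 2>/dev/null

# Exit status 0 only if openssl verify builds a valid path from $1 to root.pem
# with ee.pem offered as an untrusted intermediate candidate.
verify_chain() {
    openssl verify -CAfile root.pem -untrusted ee.pem "$1" >/dev/null 2>&1
}

# A correct verifier accepts ee.pem and rejects other.pem, because every
# non-leaf certificate on the path must carry CA:TRUE (OpenSSL reports
# "invalid CA certificate" at depth 1).
verify_chain ee.pem && echo "ee.pem: accepted (expected)"
if verify_chain other.pem; then
    echo "other.pem: ACCEPTED - this verifier has the flaw"
else
    echo "other.pem: rejected (expected)"
fi
```

The same three PEM files can be fed to an application built on the wolfSSL compatibility layer to confirm that a patched build rejects `other.pem`.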
INFO
Published Date: 2026-04-10T03:07:39.604Z
Last Modified: 2026-04-10T13:43:04.704Z
Source: wolfSSL
AFFECTED PRODUCTS
The following products are affected by CVE-2026-5501.
| Vendors | Products |
|---|---|
| wolfSSL | wolfSSL |
REFERENCES
External links with further information on CVE-2026-5501.
| URL | Resource |
|---|---|
| https://github.com/wolfSSL/wolfssl/pull/10102 | GitHub pull request in wolfSSL/wolfssl |