Cyber Resilience

CVE-2026-5479

High

Published: 10 April 2026

Published
10 April 2026
Modified
13 April 2026
KEV Added
Patch
CVSS Score v4 7.6 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0015 4.8th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-5479 is a high-severity Improper Validation of Integrity Check Value (CWE-354) vulnerability. Its CVSS base score is 7.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557); ranked at the 4.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-8 (Transmission Confidentiality and Integrity) and SI-7 (Software, Firmware, and Information Integrity).

Deeper analysis

CVE-2026-5479 is a vulnerability in the wolfSSL cryptographic library's EVP layer, specifically affecting the ChaCha20-Poly1305 AEAD decryption path in the wolfSSL_EVP_CipherFinal function and related EVP cipher finalization functions. The issue arises because the implementation computes or accepts the authentication tag during decryption but fails to verify it against the expected value before returning plaintext to the caller. This flaw, classified under CWE-354 (Improper Validation of Integrity Check Value), impacts applications that use the wolfSSL EVP API for ChaCha20-Poly1305 decryption.

An attacker can exploit this vulnerability by supplying a malformed or tampered ciphertext to an application performing ChaCha20-Poly1305 decryption via the affected wolfSSL EVP functions. Since the authentication tag is not properly checked, the application will accept invalid plaintext as authentic, potentially allowing the attacker to decrypt and process forged or modified data without detection. Exploitation requires the attacker to have the ability to provide ciphertext input to the decryption routine, such as in network protocols or file processing scenarios that rely on wolfSSL for this cipher suite.

A pull request addressing the issue is available at https://github.com/wolfSSL/wolfssl/pull/10102, which presumably implements the necessary authentication tag verification fix for the EVP layer's ChaCha20-Poly1305 decryption path. Security practitioners should review and apply this patch to affected wolfSSL versions to mitigate the risk.

EU & UK References

Vulnerability details

In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSL_EVP_CipherFinal (and related EVP cipher finalization functions) fails to verify the authentication tag before returning plaintext to the caller. When an application uses the EVP API to perform ChaCha20-Poly1305 decryption,…

more

the implementation computes or accepts the tag but does not compare it against the expected value.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1557 Adversary-in-the-Middle Credential Access
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.
T1565.002 Transmitted Data Manipulation Impact
Adversaries may alter data en route to storage or other systems in order to manipulate external outcomes or hide activity, thus threatening the integrity of the data.
Why these techniques?

Auth tag bypass in ChaCha20-Poly1305 decryption directly enables undetected tampering of ciphertext supplied via network protocols, facilitating MITM data manipulation.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-32105Shared CWE-354
CVE-2026-32313Shared CWE-354
CVE-2023-23120Shared CWE-354
CVE-2024-51141Shared CWE-354
CVE-2022-22781Shared CWE-354
CVE-2023-31438Shared CWE-354
CVE-2023-33668Shared CWE-354
CVE-2026-26275Shared CWE-354
CVE-2022-38956Shared CWE-354
CVE-2025-11543Shared CWE-354

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires cryptographic integrity protection on transmitted information, directly countering the missing Poly1305 tag verification that allows forged ciphertext to be accepted.

preventdetect

Mandates integrity verification mechanisms for information, which the broken ChaCha20-Poly1305 AEAD path in wolfSSL_EVP_CipherFinal fails to perform.

prevent

Specifies use of validated cryptographic mechanisms for confidentiality and integrity, exposing the incorrect EVP-layer AEAD implementation as non-compliant.

Hardening callouts derived

Configuration rules from DISA STIG baselines that reduce the attack surface for weaknesses of the type cited by this CVE. Derived transitively via CVE→CWE→STIG over `controls_xwalks` (authoritative rows only).

Oracle Linux 8 (2 rules)
  • V-248574 YUM must be configured to prevent the installation of patches, service packs, device drivers, or OL 8 system components that have not been digitally signed using a certificate that is recognized and approved by the organization. via CWE-354
  • V-248575 OL 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components of local packages without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. via CWE-354
Oracle Linux 9 (1 rule)
  • V-271523 OL 9 must check the GPG signature of locally installed software packages before installation. via CWE-354
RHEL 7 (2 rules)
  • V-204447 The Red Hat Enterprise Linux operating system must prevent the installation of software, patches, service packs, device drivers, or operating system components from a repository without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. via CWE-354
  • V-204448 The Red Hat Enterprise Linux operating system must prevent the installation of software, patches, service packs, device drivers, or operating system components of local packages without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. via CWE-354
RHEL 8 (2 rules)
  • V-230264 RHEL 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components from a repository without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. via CWE-354
  • V-230265 RHEL 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components of local packages without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. via CWE-354

References