CVE-2026-5479
Published: 10 April 2026
Summary
CVE-2026-5479 is a high-severity Improper Validation of Integrity Check Value (CWE-354) vulnerability. Its CVSS base score is 7.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557); ranked at the 4.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-8 (Transmission Confidentiality and Integrity) and SI-7 (Software, Firmware, and Information Integrity).
Deeper analysis
CVE-2026-5479 is a vulnerability in the wolfSSL cryptographic library's EVP layer, specifically affecting the ChaCha20-Poly1305 AEAD decryption path in the wolfSSL_EVP_CipherFinal function and related EVP cipher finalization functions. The issue arises because the implementation computes or accepts the authentication tag during decryption but fails to verify it against the expected value before returning plaintext to the caller. This flaw, classified under CWE-354 (Improper Validation of Integrity Check Value), impacts applications that use the wolfSSL EVP API for ChaCha20-Poly1305 decryption.
An attacker can exploit this vulnerability by supplying a malformed or tampered ciphertext to an application performing ChaCha20-Poly1305 decryption via the affected wolfSSL EVP functions. Since the authentication tag is not properly checked, the application will accept invalid plaintext as authentic, potentially allowing the attacker to decrypt and process forged or modified data without detection. Exploitation requires the attacker to have the ability to provide ciphertext input to the decryption routine, such as in network protocols or file processing scenarios that rely on wolfSSL for this cipher suite.
A pull request addressing the issue is available at https://github.com/wolfSSL/wolfssl/pull/10102, which presumably implements the necessary authentication tag verification fix for the EVP layer's ChaCha20-Poly1305 decryption path. Security practitioners should review and apply this patch to affected wolfSSL versions to mitigate the risk.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-21292
Vulnerability details
In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSL_EVP_CipherFinal (and related EVP cipher finalization functions) fails to verify the authentication tag before returning plaintext to the caller. When an application uses the EVP API to perform ChaCha20-Poly1305 decryption,…
more
the implementation computes or accepts the tag but does not compare it against the expected value.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Auth tag bypass in ChaCha20-Poly1305 decryption directly enables undetected tampering of ciphertext supplied via network protocols, facilitating MITM data manipulation.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires cryptographic integrity protection on transmitted information, directly countering the missing Poly1305 tag verification that allows forged ciphertext to be accepted.
Mandates integrity verification mechanisms for information, which the broken ChaCha20-Poly1305 AEAD path in wolfSSL_EVP_CipherFinal fails to perform.
Specifies use of validated cryptographic mechanisms for confidentiality and integrity, exposing the incorrect EVP-layer AEAD implementation as non-compliant.
Hardening callouts derived
Configuration rules from DISA STIG baselines that reduce the attack surface for weaknesses of the type cited by this CVE. Derived transitively via CVE→CWE→STIG over `controls_xwalks` (authoritative rows only).
Oracle Linux 8 (2 rules)
- V-248574 YUM must be configured to prevent the installation of patches, service packs, device drivers, or OL 8 system components that have not been digitally signed using a certificate that is recognized and approved by the organization. via CWE-354
- V-248575 OL 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components of local packages without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. via CWE-354
Oracle Linux 9 (1 rule)
- V-271523 OL 9 must check the GPG signature of locally installed software packages before installation. via CWE-354
RHEL 7 (2 rules)
- V-204447 The Red Hat Enterprise Linux operating system must prevent the installation of software, patches, service packs, device drivers, or operating system components from a repository without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. via CWE-354
- V-204448 The Red Hat Enterprise Linux operating system must prevent the installation of software, patches, service packs, device drivers, or operating system components of local packages without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. via CWE-354
RHEL 8 (2 rules)
- V-230264 RHEL 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components from a repository without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. via CWE-354
- V-230265 RHEL 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components of local packages without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. via CWE-354