CVE-2026-5501
Published: 10 April 2026
Summary
CVE-2026-5501 is a high-severity Improper Certificate Validation (CWE-295) vulnerability in Wolfssl Wolfssl. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 8.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-17 (Public Key Infrastructure Certificates) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-5501 is a high-severity vulnerability (CVSS 8.1, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N) in the wolfSSL_X509_verify_cert function within wolfSSL's OpenSSL compatibility layer. The flaw allows acceptance of a malformed certificate chain where the leaf certificate's signature is not verified if an attacker provides an untrusted intermediate certificate with Basic Constraints CA:FALSE that is legitimately signed by a trusted root. This issue is confined to applications directly using the OpenSSL compatibility API and does not affect wolfSSL's native TLS handshake path (ProcessPeerCerts). Affected integrations include wolfSSL embedded in nginx and haproxy.
An attacker with low privileges and network access can exploit this by obtaining a legitimate leaf certificate from a trusted CA, such as a free Domain Validation certificate from Let's Encrypt. They can then forge a certificate for any subject name, embed any public key, and include arbitrary signature bytes in the chain. When processed by wolfSSL_X509_verify_cert, the function erroneously returns WOLFSSL_SUCCESS or X509_V_OK, enabling high-impact confidentiality and integrity violations, such as impersonation or man-in-the-middle attacks in compatible applications (CWE-295: Improper Certificate Validation).
Mitigation is addressed in a patch available via the wolfSSL GitHub pull request at https://github.com/wolfSSL/wolfssl/pull/10102, which security practitioners should review and apply to affected wolfSSL versions using the OpenSSL compatibility layer.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-21294
Vulnerability details
wolfSSL_X509_verify_cert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an untrusted intermediate with Basic Constraints `CA:FALSE` that is legitimately signed by a trusted root. An attacker who…
more
obtains any leaf certificate from a trusted CA (e.g. a free DV cert from Let's Encrypt) can forge a certificate for any subject name with any public key and arbitrary signature bytes, and the function returns `WOLFSSL_SUCCESS` / `X509_V_OK`. The native wolfSSL TLS handshake path (`ProcessPeerCerts`) is not susceptible and the issue is limited to applications using the OpenSSL compatibility API directly, which would include integrations of wolfSSL into nginx and haproxy.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability enables remote exploitation of public-facing apps (nginx/haproxy) via malformed cert chains (T1190) and directly facilitates MITM/impersonation by bypassing X.509 validation (T1557).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires timely identification, reporting, and patching of the specific flaw in wolfSSL_X509_verify_cert that allows forged certificate chains.
Mandates establishment and management of PKI certificates with defined validation methods to prevent acceptance of malformed chains lacking leaf signature verification.
Requires verification that security functions, including certificate chain validation in the OpenSSL compatibility layer, operate as intended to mitigate improper validation flaws.
Hardening callouts derived
Configuration rules from DISA STIG baselines that reduce the attack surface for weaknesses of the type cited by this CVE. Derived transitively via CVE→CWE→STIG over `controls_xwalks` (authoritative rows only).
Oracle Linux 8 (3 rules)
- V-248531 OL 8, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor. via CWE-295
- V-248574 YUM must be configured to prevent the installation of patches, service packs, device drivers, or OL 8 system components that have not been digitally signed using a certificate that is recognized and approved by the organization. via CWE-295
- V-248575 OL 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components of local packages without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. via CWE-295
RHEL 7 (2 rules)
- V-204447 The Red Hat Enterprise Linux operating system must prevent the installation of software, patches, service packs, device drivers, or operating system components from a repository without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. via CWE-295
- V-204448 The Red Hat Enterprise Linux operating system must prevent the installation of software, patches, service packs, device drivers, or operating system components of local packages without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. via CWE-295
RHEL 8 (2 rules)
- V-230264 RHEL 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components from a repository without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. via CWE-295
- V-230265 RHEL 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components of local packages without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. via CWE-295