X.509 trust-chain bypass (path-depth exhaustion) in the OpenSSL compatibility certificate verifier (wolfSSL_X509_verify_cert()). This affects only builds with --enable-opensslextra whose application calls X509_verify_cert() with caller-supplied untrusted intermediates; for those users it is critical, otherwise the library is unaffected. Native wolfSSL TLS/DTLS usage is not impacted. X509_verify_cert() returned success based only on the last verified link rather than on reaching a trust anchor: when the supplied chain is deeper than the verifier's maximum path depth (default 100), path building runs out of depth while still walking untrusted intermediates and the chain is accepted even though it never reaches a configured trust anchor, allowing acceptance of an attacker-controlled certificate. The default TLS handshake (WOLFSSL_VERIFY_PEER) is not affected; only applications doing manual or deferred verification through this API are.
References
| Link | Resource |
|---|---|
| https://github.com/wolfSSL/wolfssl/pull/10674 | Issue Tracking Patch |
| https://www.wolfssl.com/docs/security-vulnerabilities/ | Vendor Advisory |
Configurations
History
26 Jun 2026, 16:50
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
| CPE | cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:* | |
| References | () https://github.com/wolfSSL/wolfssl/pull/10674 - Issue Tracking, Patch | |
| References | () https://www.wolfssl.com/docs/security-vulnerabilities/ - Vendor Advisory | |
| First Time |
Wolfssl wolfssl
Wolfssl |
25 Jun 2026, 18:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-06-25 18:16
Updated : 2026-06-26 16:50
NVD link : CVE-2026-11999
Mitre link : CVE-2026-11999
CVE.ORG link : CVE-2026-11999
JSON object : View
Products Affected
wolfssl
- wolfssl
CWE
CWE-295
Improper Certificate Validation
