CVE-2026-7511
- EPSS 0.17%
- Veröffentlicht 25.06.2026 21:32:29
- Zuletzt bearbeitet 27.06.2026 19:48:04
PKCS7_verify signer confusion allows forged signatures, where the signer associated with a signature is not correctly bound, permitting a forged signature to be accepted.
CVE-2026-7532
- EPSS 0.16%
- Veröffentlicht 25.06.2026 21:31:11
- Zuletzt bearbeitet 01.07.2026 17:16:41
iPAddress name constraints bypass when WOLFSSL_IP_ALT_NAME is not defined. IP address name constraints are not enforced in that configuration, allowing a certificate to bypass an issuing CA's IP address constraints.
CVE-2026-8720
- EPSS 0.11%
- Veröffentlicht 25.06.2026 21:18:29
- Zuletzt bearbeitet 27.06.2026 19:43:04
wc_Blake2bHmacFinal and wc_Blake2sHmacFinal discard the message when the key length exceeds the block size, producing a MAC that is independent of the input. When the supplied key is longer than the BLAKE2 block size the key-hashing branch reinitiali...
CVE-2026-10098
- EPSS 0.12%
- Veröffentlicht 25.06.2026 21:16:45
- Zuletzt bearbeitet 27.06.2026 20:01:35
OCSP CertID serial-number length-confusion in wolfSSL_OCSP_resp_find_status allows a same-issuer SingleResponse whose serial is a prefix of the target serial to be reported as the revocation status of a different certificate. The lookup compared seri...
CVE-2026-11703
- EPSS 0.21%
- Veröffentlicht 25.06.2026 21:15:20
- Zuletzt bearbeitet 27.06.2026 19:59:16
Missing SNI/ALPN binding on stateful (session-ID) resumption, which previously skipped the binding check performed for ticket-based resumption. A cached session could be resumed under a different SNI/ALPN than originally negotiated and, where client-...
CVE-2026-55962
- EPSS 0.14%
- Veröffentlicht 25.06.2026 21:12:38
- Zuletzt bearbeitet 27.06.2026 19:57:59
TLS 1.3 post-handshake authentication (PHA) issue where a server could accept a client's Finished message without the client having sent a Certificate and CertificateVerify. The post-handshake-auth exemption that allows an empty/absent peer certifica...
CVE-2026-6092
- EPSS 0.21%
- Veröffentlicht 25.06.2026 21:06:20
- Zuletzt bearbeitet 27.06.2026 19:55:26
When HAVE_ENCRYPT_THEN_MAC is configured, the implementation could fall back to MAC-then-Encrypt rather than enforcing Encrypt-then-MAC.
CVE-2026-6325
- EPSS 0.18%
- Veröffentlicht 25.06.2026 21:04:31
- Zuletzt bearbeitet 27.06.2026 19:51:52
Out-of-bounds write in SetSuitesHashSigAlgo when processing an oversized signature algorithms list, allowing a write past the bounds of the destination buffer.
CVE-2026-6329
- EPSS 0.16%
- Veröffentlicht 25.06.2026 21:02:45
- Zuletzt bearbeitet 27.06.2026 19:51:09
PKCS#12 MAC verification uses an attacker-controlled comparison length, weakening the integrity check on the MAC and allowing a mismatched MAC to be accepted. The PKCS#12 verify path compared the locally computed HMAC against the MAC parsed from the ...
CVE-2026-6330
- EPSS 0.13%
- Veröffentlicht 25.06.2026 21:01:19
- Zuletzt bearbeitet 27.06.2026 19:50:17
The ML-KEM ARM64 NEON ciphertext comparison only compares half of the input, breaking the Fujisaki-Okamoto transform's implicit rejection and weakening IND-CCA2 security on that code path. The constant-time comparison effectively ignored part of the ...