Known Vulnerabilities for products from Wolfssl
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Wolfssl".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-55967 json | AES-GCM encryption/decryption with extremely large cumulative single message sizes (>64 GiB) were not properly rejected by th... | Not Provided | 2026-06-25 | 2026-06-26 |
| CVE-2026-55964 json | Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have th... | Not Provided | 2026-06-25 | 2026-06-26 |
| CVE-2026-55962 json | TLS 1.3 post-handshake authentication (PHA) issue where a server could accept a client's Finished message without the client ... | Not Provided | 2026-06-25 | 2026-06-27 |
| CVE-2026-55961 json | wolfSSL_PKCS7_verify() returning success for a degenerate (certs-only) PKCS#7 object that contains no signer. Such an object ... | Not Provided | 2026-06-25 | 2026-06-26 |
| CVE-2026-55960 json | Un-negotiated Raw Public Key (RFC 7250) accepted in place of an X.509 certificate, bypassing chain validation. A raw public k... | Not Provided | 2026-06-25 | 2026-06-26 |
| CVE-2026-55958 json | Out-of-bounds write in the Renesas TSIP TLS 1.3 transcript buffer. In tsip_StoreMessage() the capacity check guarding the fix... | Not Provided | 2026-06-25 | 2026-06-26 |
| CVE-2026-54919 json | Not Provided | 2026-07-10 | 2026-07-14 | |
| CVE-2026-12340 json | Out-of-bounds heap read during SM2/SM3 certificate signature verification. When parsing a certificate with an SM3wSM2 signatu... | Not Provided | 2026-06-25 | 2026-06-26 |
| CVE-2026-11999 json | X.509 trust-chain bypass (path-depth exhaustion) in the OpenSSL compatibility certificate verifier (wolfSSL_X509_verify_cert(... | Not Provided | 2026-06-25 | 2026-06-26 |
| CVE-2026-11703 json | Missing SNI/ALPN binding on stateful (session-ID) resumption, which previously skipped the binding check performed for ticket... | Not Provided | 2026-06-25 | 2026-06-27 |
| CVE-2026-11310 json | Not Provided | 2026-06-25 | 2026-06-26 | |
| CVE-2026-10592 json | Certificates with wildcard DNS SANs (e.g. *.example.com) bypassed CA name-constraint checks. A certificate with a wildcard DN... | Not Provided | 2026-06-25 | 2026-06-26 |
| CVE-2026-10512 json | The X25519 x86_64 assembly implementation fails to clear the most significant bit during the final modular reduction, so the ... | Not Provided | 2026-06-25 | 2026-06-26 |
| CVE-2026-10098 json | OCSP CertID serial-number length-confusion in wolfSSL_OCSP_resp_find_status allows a same-issuer SingleResponse whose serial ... | Not Provided | 2026-06-25 | 2026-06-27 |
| CVE-2026-10097 json | wolfSSL's AVX2-optimized ML-KEM implementation (mlkem_cmp_avx2) compares only 1536 of the 1568 ciphertext bytes during the Fu... | Not Provided | 2026-06-25 | 2026-06-26 |
| CVE-2026-8720 json | wc_Blake2bHmacFinal and wc_Blake2sHmacFinal discard the message when the key length exceeds the block size, producing a MAC t... | Not Provided | 2026-06-25 | 2026-06-27 |
| CVE-2026-7532 json | iPAddress name constraints bypass when WOLFSSL_IP_ALT_NAME is not defined. IP address name constraints are not enforced in th... | Not Provided | 2026-06-25 | 2026-07-01 |
| CVE-2026-7531 json | Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 (released in 5.9.1): a ... | Not Provided | 2026-06-25 | 2026-06-26 |
| CVE-2026-7511 json | PKCS7_verify signer confusion allows forged signatures, where the signer associated with a signature is not correctly bound, ... | Not Provided | 2026-06-25 | 2026-06-27 |
| CVE-2026-6731 json | X.509 name constraint bypass via the Subject Common Name when treated as a DNS-type name. A certificate whose Subject CN viol... | Not Provided | 2026-06-25 | 2026-06-27 |