CVE-2026-5501

NameCVE-2026-5501
DescriptionwolfSSL_X509_verify_cert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an untrusted intermediate with Basic Constraints `CA:FALSE` that is legitimately signed by a trusted root. An attacker who obtains any leaf certificate from a trusted CA (e.g. a free DV cert from Let's Encrypt) can forge a certificate for any subject name with any public key and arbitrary signature bytes, and the function returns `WOLFSSL_SUCCESS` / `X509_V_OK`. The native wolfSSL TLS handshake path (`ProcessPeerCerts`) is not susceptible and the issue is limited to applications using the OpenSSL compatibility API directly, which would include integrations of wolfSSL into nginx and haproxy.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1133835

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
wolfssl (PTS)bullseye4.6.0+p1-0+deb11u2vulnerable
bookworm5.5.4-2+deb12u2vulnerable
trixie5.7.2-0.1+deb13u1vulnerable
forky, sid5.9.1-0.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
wolfsslsource(unstable)5.9.1-0.11133835

Notes

[trixie] - wolfssl <no-dsa> (Minor issue)
[bookworm] - wolfssl <no-dsa> (Minor issue)
[bullseye] - wolfssl <postponed> (Minor issue)
https://github.com/wolfSSL/wolfssl/pull/10102
Fixed by (merge): https://github.com/wolfSSL/wolfssl/commit/32502e9963a1db43fa42bd1e6edaa27fd8168ad9 (v5.9.1-stable)
Search for package or bug name: Reporting problems