Multiple WolfSSL Vulnerabilities Expose Billions of Servers and IoT Devices to Cyberattacks

Jun 30, 2026 · 3 min read

Multiple newly disclosed vulnerabilities in the wolfSSL embedded TLS library expose billions of servers and Internet of Things (IoT) devices to potential certificate forgery, remote code execution, and denial-of-service attacks if left unpatched.

These flaws undermine core trust mechanisms in TLS, enabling attackers to bypass certificate validation, exploit buffer overflows, and weaken post‑quantum and modern cryptographic protections in widely deployed environments.

wolfSSL is a lightweight SSL/TLS implementation embedded in web servers, VPNs, industrial controllers, automotive systems, and constrained IoT devices.

Because SSL/TLS secures communications among billions of computers, servers, and embedded systems, any systemic weakness in wolfSSL can have a broad, internet-scale impact.

Many projects also use wolfCrypt, wolfSSL’s cryptographic engine, which inherits a number of the reported flaws.

Several high‑severity CVEs describe trust‑chain bypass vulnerabilities in wolfSSL’s OpenSSL-compatible certificate verifier, wolfSSL_X509_verify_cert, allowing attacker‑controlled certificates to be accepted as trusted.

CVE-2026-11310 and CVE-2026-11999 show that untrusted intermediate certificates supplied by a caller can anchor a path or exhaust path depth and still be treated as valid, even though they never reach a configured trust anchor.

Additional issues such as partial-chain acceptance (CVE-2026-6091) and un-negotiated raw public key acceptance (CVE-2026-55960) further weaken TLS identity verification, enabling man-in-the-middle and impersonation attacks against servers and IoT endpoints.

Multiple wolfSSL Vulnerabilities

Multiple vulnerabilities introduce heap buffer overflows and out‑of‑bounds writes in DTLS 1.3 ACK handling and PKCS7 processing, often before a peer is authenticated.

For example, CVE-2026-6679 and CVE-2026-5264 describe crafted DTLS 1.3 ACK messages that can overflow heap buffers, potentially leading to remote crashes or code execution on devices that support DTLS 1.3.

Other issues, such as PKCS7 ORI OID stack overflows (CVE-2026-5295) and assorted PKCS7 decode and decrypt bugs, affect systems that use CMS/SMIME or PKCS7-based secure messaging features.

According to wolfSSL, the reported issues involve cryptographic integrity checks and post-quantum implementations in the wolfCrypt library.

CVE-2026-5194 reports missing digest size and OID validation in several signature algorithms, allowing signatures over shorter digests than permitted by FIPS standards and reducing the effective security of certificate-based authentication.

Additional CVEs show that some ML‑KEM and ML‑DSA code paths compare only portions of ciphertext or fail to enforce implicit rejections, weakening IND‑CCA2 guarantees in post‑quantum key encapsulation schemes.

Unpatched systems using vulnerable wolfSSL versions are exposed to certificate forgery, TLS identity bypass, heap corruption, padding‑oracle decryption, and various denial‑of‑service scenarios, particularly where DTLS 1.3, PKCS7, post‑quantum crypto, and OpenSSL‑compatibility APIs are enabled.

Administrators and IoT vendors should urgently upgrade to wolfSSL 5.9.1 or 5.9.2, which contain fixes for the new CVEs, and disable optional features such as OpenSSL compatibility, PKCS7, and experimental post‑quantum support where not strictly required.

Security teams are also advised to review certificate validation logic, rebuild firmware images with updated wolfSSL, and monitor for anomalous TLS and DTLS traffic targeting devices that expose wolfSSL-based services.

Source: CybersecurityNews.com
