wolfSSL
cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*
A vulnerability exists in wolfSSL's certificate chain verification process, specifically in the URI name constraint handling of constrained intermediate CAs. The issue arises because, while the URI name constraints are parsed, they are not enforced. This flaw allows a compromised or malicious sub-CA to issue leaf certificates with URI Subject Alternative Name entries that disregard the name constraints of the issuing CA. As a result, wolfSSL may incorrectly validate these certificates as legitimate.
The vulnerability could lead to the acceptance of invalid certificates, potentially allowing for unauthorized actions or impersonation in scenarios where certificate validation is critical.
Users are advised to update to the latest version of wolfSSL, where this issue has been addressed.
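The missing enforcement step, shown as an added Python illustration (this is not wolfSSL's code): a verifier must take each URI Subject Alternative Name of the leaf, extract its host part, and test it against the issuing CA's permitted and excluded URI subtrees as RFC 5280 section 4.2.1.10 describes (a constraint starting with "." covers any host beneath that domain; otherwise the host must match exactly). Function names and the sample URIs and constraints are constructed for the example.

```python
"""Reference check for X.509 URI name constraints (RFC 5280 s.4.2.1.10).

Hypothetical illustration, not wolfSSL code. All sample values are constructed.
"""
from typing import List, Optional
from urllib.parse import urlsplit


def uri_host(uri: str) -> Optional[str]:
    """Return the lowercased host part of a URI, or None when the URI has no authority."""
    parts = urlsplit(uri)
    if not parts.scheme or not parts.hostname:
        return None
    return parts.hostname.lower()


def host_matches_constraint(host: str, constraint: str) -> bool:
    """RFC 5280: a constraint beginning with '.' matches any host with one or more
    labels under that domain; any other constraint must match the host exactly."""
    constraint = constraint.lower()
    if constraint.startswith("."):
        return host.endswith(constraint) and len(host) > len(constraint)
    return host == constraint


def uri_san_permitted(uri: str, permitted: List[str], excluded: List[str]) -> bool:
    """Apply the issuing CA's URI subtrees to a single URI SAN."""
    host = uri_host(uri)
    if host is None:
        # Design choice (assumption): a URI with no host cannot satisfy any
        # permitted subtree, so it is rejected whenever permitted subtrees exist;
        # with only excluded subtrees there is nothing for it to collide with.
        return not permitted
    if any(host_matches_constraint(host, c) for c in excluded):
        return False
    if permitted and not any(host_matches_constraint(host, c) for c in permitted):
        return False
    return True


def verify_leaf_uri_sans(uri_sans: List[str], permitted: List[str],
                         excluded: List[str]) -> List[str]:
    """Return the URI SANs that violate the constraints; an empty list means the
    leaf's URI names are acceptable under this intermediate."""
    return [u for u in uri_sans if not uri_san_permitted(u, permitted, excluded)]


if __name__ == "__main__":
    # Constructed scenario: the intermediate is constrained to .example.com,
    # but the leaf it issued also carries a URI SAN outside that subtree.
    permitted_subtrees = [".example.com"]
    excluded_subtrees = []
    leaf_uri_sans = ["https://api.example.com/", "https://other.example.net/"]
    print(verify_leaf_uri_sans(leaf_uri_sans, permitted_subtrees, excluded_subtrees))
```

A verifier that parses the constraints but never calls a check like `verify_leaf_uri_sans` accepts the second URI above, which is the behaviour this advisory describes; the check must run for every URI SAN against every constrained CA in the chain, not only the immediate issuer.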