43 matches found
JLSEC-2026-697 X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier ...
X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with --enable-opensslextra OPENSSLEXTRA and whose application validates certificates by calling X509verifycert with caller-supplied untrusted intermediate certificates; for...
JLSEC-2026-699 X.509 trust-chain bypass (path-depth exhaustion) in the OpenSSL compatibility certificate...
X.509 trust-chain bypass path-depth exhaustion in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with --enable-opensslextra whose application calls X509verifycert with caller-supplied untrusted intermediates; for those users it is critical, otherwis...
CVE-2026-54919 cpp-httplib: TLS certificate chain verification bypassed for IP-literal hosts on Mbed TLS and wolfSSL backends
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In affected Mbed TLS backend versions from 0.31.0 through 0.46.1 and wolfSSL backend versions from 0.33.0 through 0.46.1, when cpp-httplib is built with CPPHTTPLIBMBEDTLSSUPPORT or CPPHTTPLIBWOLFSSLSUPPORT and a...
Linux Distros Unpatched Vulnerability : CVE-2026-11999
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - X.509 trust-chain bypass path-depth exhaustion in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with...
CVE-2026-11310
X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with --enable-opensslextra OPENSSLEXTRA and whose application validates certificates by calling X509verifycert with caller-supplied untrusted intermediate certificates; for...
UBUNTU-CVE-2026-11310
X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with --enable-opensslextra OPENSSLEXTRA and whose application validates certificates by calling X509verifycert with caller-supplied untrusted intermediate certificates; for...
CVE-2026-11310
The CVE-2026-11310 entry concerns wolfSSL’s X509_verify_cert() when built with --enable-opensslextra (OPENSSL_EXTRA) and used by applications that pass untrusted intermediates to X509_verify_cert(). The root cause is that wolfSSL temporarily loads untrusted intermediates into the certificate mana...
CVE-2026-11310 X.509 trust-chain bypass in wolfSSL_X509_verify_cert() via untrusted intermediate anchoring
X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with --enable-opensslextra OPENSSLEXTRA and whose application validates certificates by calling X509verifycert with caller-supplied untrusted intermediate certificates; for...
CVE-2026-11310
X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with --enable-opensslextra OPENSSLEXTRA and whose application validates certificates by calling X509verifycert with caller-supplied untrusted intermediate certificates; for...
UBUNTU-CVE-2026-11999
X.509 trust-chain bypass path-depth exhaustion in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with --enable-opensslextra whose application calls X509verifycert with caller-supplied untrusted intermediates; for those users it is critical, otherwis...
CVE-2026-11999 X.509 trust-chain bypass via path-depth exhaustion in wolfSSL_X509_verify_cert()
X.509 trust-chain bypass path-depth exhaustion in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with --enable-opensslextra whose application calls X509verifycert with caller-supplied untrusted intermediates; for those users it is critical, otherwis...
EUVD-2026-39496
X.509 trust-chain bypass path-depth exhaustion in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with --enable-opensslextra whose application calls X509verifycert with caller-supplied untrusted intermediates; for those users it is critical, otherwis...
CVE-2026-11999
X.509 trust-chain bypass path-depth exhaustion in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with --enable-opensslextra whose application calls X509verifycert with caller-supplied untrusted intermediates; for those users it is critical, otherwis...
PT-2026-52511
Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description A trust-chain bypass exists in the OpenSSL compatibility certificate verifier function wolfSSL X509 verify cert. This issue occurs in builds configured with --enable-opensslextra when an...
CVE-2026-33810
A flaw was found in the crypto/x509 package within Go golang. When verifying a certificate chain, excluded DNS Domain Name System constraints are not correctly applied to wildcard DNS Subject Alternative Names SANs if the case of the SAN differs from the constraint. This oversight could allow an...
CVE-2026-32037 OpenClaw < 2026.2.22 - Redirect Chain Bypass of Media Host Allowlist in MSTeams Attachment Handling
OpenClaw versions prior to 2026.2.22 fail to consistently validate redirect chains against configured mediaAllowHosts allowlists during MSTeams media downloads. Attackers can supply or influence attachment URLs to force redirects to non-allowlisted targets, bypassing SSRF boundary controls...
CVE-2026-3336 PKCS7_verify Certificate Chain Validation Bypass in AWS-LC
Improper certificate validation in PKCS7verify in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. Applications using AWS-LC should...
CVE-2026-3336
This CVE affects AWS-LC: improper certificate validation in PKCS7_verify() can bypass certificate chain verification for PKCS7 objects with multiple signers (excluding the final signer). Impact is high (integrity risk) with network attack potential. AWS customers are not required to act, but appl...
PT-2026-22702
Name of the Vulnerable Software and Affected Versions AWS-LC versions prior to 1.69.0 Description A flaw exists in the PKCS7 verify function within AWS-LC that allows an unauthenticated user to circumvent certificate chain verification when handling PKCS7 objects containing multiple signers,...
Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in node-tar Extraction
Summary tar.extract in Node tar allows an attacker-controlled archive to create a hardlink inside the extraction directory that points to a file outside the extraction root, using default options. This enables arbitrary file read and write as the extracting user no root, no chmod, no preservePath...