{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5263", "assignerOrgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "state": "PUBLISHED", "assignerShortName": "wolfSSL", "dateReserved": "2026-03-31T16:56:07.521Z", "datePublished": "2026-04-09T21:15:48.148Z", "dateUpdated": "2026-04-10T18:09:12.862Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "shortName": "wolfSSL", "dateUpdated": "2026-04-09T21:15:48.148Z"}, "title": "URI nameConstraints not enforced in ConfirmNameConstraints()", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-295", "description": "CWE-295 Improper Certificate Validation", "type": "CWE"}]}], "affected": [{"vendor": "wolfSSL", "product": "wolfSSL", "repo": "https://github.com/wolfSSL/wolfssl", "programFiles": ["wolfcrypt/src/asn.c"], "versions": [{"status": "affected", "version": "0", "lessThan": "5.9.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A compromised or malicious sub-CA could issue leaf certificates with URI SAN entries that violate the nameConstraints of the issuing CA, and wolfSSL would accept them as valid.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A compromised or malicious sub-CA could issue leaf certificates with URI SAN entries that violate the nameConstraints of the issuing CA, and wolfSSL would accept them as valid.</p>"}]}], "references": [{"url": "https://github.com/wolfSSL/wolfssl/pull/10048"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:L/VA:N/SC:H/SI:N/SA:N"}}], "credits": [{"lang": "en", "value": "Oleh Konko @1seal", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-10T18:08:58.932126Z", "id": "CVE-2026-5263", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-10T18:09:12.862Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-5263", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-10T18:08:58.932126Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-10T18:09:08.258Z"}}], "cna": {"title": "URI nameConstraints not enforced in ConfirmNameConstraints()", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Oleh Konko @1seal"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:L/VA:N/SC:H/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/wolfSSL/wolfssl", "vendor": "wolfSSL", "product": "wolfSSL", "versions": [{"status": "affected", "version": "0", "lessThan": "5.9.1", "versionType": "semver"}], "programFiles": ["wolfcrypt/src/asn.c"], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/wolfSSL/wolfssl/pull/10048"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A compromised or malicious sub-CA could issue leaf certificates with URI SAN entries that violate the nameConstraints of the issuing CA, and wolfSSL would accept them as valid.", "supportingMedia": [{"type": "text/html", "value": "<p>URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A compromised or malicious sub-CA could issue leaf certificates with URI SAN entries that violate the nameConstraints of the issuing CA, and wolfSSL would accept them as valid.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-295", "description": "CWE-295 Improper Certificate Validation"}]}], "providerMetadata": {"orgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "shortName": "wolfSSL", "dateUpdated": "2026-04-09T21:15:48.148Z"}}}, "cveMetadata": {"cveId": "CVE-2026-5263", "state": "PUBLISHED", "dateUpdated": "2026-04-10T18:09:12.862Z", "dateReserved": "2026-03-31T16:56:07.521Z", "assignerOrgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "datePublished": "2026-04-09T21:15:48.148Z", "assignerShortName": "wolfSSL"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "261C41E4-7F04-4C98-AD63-110136730EE9", "versionEndExcluding": "5.9.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A compromised or malicious sub-CA could issue leaf certificates with URI SAN entries that violate the nameConstraints of the issuing CA, and wolfSSL would accept them as valid."}], "id": "CVE-2026-5263", "lastModified": "2026-04-29T17:19:55.047", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:L/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "facts@wolfssl.com", "type": "Secondary"}]}, "published": "2026-04-09T22:16:36.647", "references": [{"source": "facts@wolfssl.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/wolfSSL/wolfssl/pull/10048"}], "sourceIdentifier": "facts@wolfssl.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "facts@wolfssl.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,5.9.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "wolfSSL", "source": "cna", "vendor": "wolfSSL"}, "product": "wolfssl", "vendor": "wolfssl"}], "analysis": {"en": {"generated_at": "2026-04-09T23:06:52.016188+00:00", "value": {"mitigation_remediation": ["Apply the latest wolfSSL patch that enforces URI nameConstraints during certificate verification.", "If a patch is not yet available, restrict the use of wolfSSL to certificates issued by fully trusted CAs that do not rely on URI SANs.", "Verify that your application performs additional validation of URI SAN entries if possible.", "Keep the library updated and monitor the vendor\u2019s advisory for future releases."], "summary": {"action": "Immediate Patch", "impact": "Certificate Trust Bypass"}, "threat_synthesis": {"affected_systems": "All deployments that use wolfSSL for TLS are potentially affected, as the flaw exists in the open\u2011source wolfcrypt library and is present in all builds until patched. Any application or device that does not enforce its own URI SAN validation and relies on wolfSSL for certificate chain verification is susceptible.", "description_and_impact": "The vulnerability originates in the ConfirmNameConstraints() routine in wolfSSL's certificate verification component, where URI name constraints imported from constrained intermediate CAs are parsed but not enforced. This allows a malicious or compromised sub\u2011CA to issue a leaf certificate containing a URI Subject Alternative Name that violates the parent CA's constraints. Consequently, wolfSSL would accept the certificate as valid, effectively bypassing the intended naming policy and allowing the use of unauthorized URIs within the TLS connection.", "risk_and_exploitability": "The CVSS base score of 7 indicates high risk. EPSS data is not provided, but the vulnerability is not listed in the CISA KEV catalog, suggesting no known public exploitation yet. Attackers would need a sub\u2011CA capable of creating certificates and could use a compromised internal CA or an attacker\u2011controlled CA. Because the attack only requires certificate issuance, the threat is realistic, especially in environments where cross\u2011CA trust is present. Operators should treat this as a high\u2011risk flaw and apply the vendor\u2011supplied patch promptly."}}}}, "created": "2026-04-10T08:38:17.619202+00:00", "updated": "2026-04-10T09:29:00.718220+00:00", "vendors": ["wolfssl", "wolfssl$PRODUCT$wolfssl"]}