CVE-2026-2645

CVE Database · CVE-2026-2645

CVE-2026-2645

· HIGHAnalyzed

CVSS v3.1

7.5

CVSS v4.0

5.5

EPSS

0.13%

Published

Mar 19, 2026

Modified

Apr 29, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementation. The server could incorrectly accept the CertificateVerify message before the ClientKeyExchange message had been received. This issue affects wolfSSL before 5.8.4 (wolfSSL 5.8.2 and earlier is vulnerable, 5.8.4 is not vulnerable). In 5.8.4 wolfSSL would detect the issue later in the handshake. 5.9.0 was further hardened to catch the issue earlier in the handshake.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Weaknesses (CWE)

CWE-358

Affected Products (1)

wolfssl · wolfssl (up to 5.8.4)vulnerable

References (1)

https://github.com/wolfSSL/wolfssl/pull/9694

Issue TrackingPatch

KEV Catalog EPSS Scores Vendors All CVEs