CVE-2026-10098 in wolfSSL
Summary
by MITRE • 06/26/2026
OCSP CertID serial-number length-confusion in wolfSSL_OCSP_resp_find_status allows a same-issuer SingleResponse whose serial is a prefix of the target serial to be reported as the revocation status of a different certificate. The lookup compared serial-number bytes without first requiring the two serial numbers to be of equal length, so a SingleResponse for one certificate (same issuer) whose serial is a prefix of the target's serial would match, returning the wrong certificate's status. The fix requires the serial lengths to be equal before comparing the serial bytes.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 06/26/2026
This vulnerability exists within wolfSSL's implementation of Online Certificate Status Protocol handling, specifically in the OCSP response processing functionality. The flaw occurs during the certificate status lookup process where the system fails to properly validate serial number lengths before performing comparisons. This represents a classic length-confusion vulnerability that can be exploited to manipulate certificate revocation status reporting.
The technical implementation error stems from comparing certificate serial numbers without first ensuring they possess identical byte lengths. When wolfSSL_OCSP_resp_find_status processes an OCSP response, it searches for matching certificates based on their issuer and serial number values. The vulnerability arises because the comparison logic does not enforce that both serial numbers must have equal length before proceeding with byte-by-byte comparison operations.
An attacker can exploit this by constructing an OCSP response containing a SingleResponse for a certificate whose serial number serves as a prefix of the target certificate's serial number. Since the system only checks the serial bytes without validating length equality, it incorrectly matches the shorter serial prefix to the longer target serial, thereby returning the revocation status of the wrong certificate. This effectively allows an attacker to spoof certificate status information for certificates with matching prefixes in their serial numbers.
The operational impact of this vulnerability extends beyond simple certificate validation issues, potentially enabling advanced persistent threats to bypass critical security controls. Attackers could exploit this weakness to make a revoked certificate appear valid or conversely, make a valid certificate appear revoked, undermining the integrity of certificate-based security systems. This type of vulnerability directly relates to CWE-129 and CWE-707 within the CWE taxonomy, representing issues with input validation and improper handling of potentially malicious data.
The fix implemented addresses this by enforcing strict serial number length validation prior to any comparison operations, ensuring that certificate serial numbers must be of equal length before their bytes are compared. This approach aligns with defensive programming principles and follows industry best practices for cryptographic protocol implementations. The mitigation strategy effectively prevents the prefix matching behavior that enabled the exploitation while maintaining proper certificate status verification functionality.
This vulnerability demonstrates how seemingly minor implementation details in cryptographic libraries can create significant security risks, particularly in systems where certificate validation is critical for trust establishment. The flaw's impact on OCSP processing highlights the importance of rigorous input validation in security-sensitive code paths and the necessity of following established security standards such as those defined by NIST and other cybersecurity organizations. Proper length validation before comparison operations should be considered a fundamental requirement in cryptographic implementations to prevent similar issues from occurring in other security protocols.
The ATT&CK framework categorizes this type of vulnerability under privilege escalation and defense evasion techniques, as it can be used to manipulate certificate validation processes that are fundamental to secure communications. Organizations relying on wolfSSL for certificate status checking should implement immediate patches addressing this serial number comparison issue. The vulnerability's exploitation potential makes it particularly concerning for systems where certificate-based authentication is critical, including web servers, email security systems, and any infrastructure relying on proper OCSP validation mechanisms.