CVE-2026-2645 in wolfSSL정보

요약

\~에 의해 MITRE • 2026. 03. 19.

In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementation. The server could incorrectly accept the CertificateVerify message before the ClientKeyExchange message had been received. This issue affects wolfSSL before 5.8.4 (wolfSSL 5.8.2 and earlier is vulnerable, 5.8.4 is not vulnerable). In 5.8.4 wolfSSL would detect the issue later in the handshake. 5.9.0 was further hardened to catch the issue earlier in the handshake.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

책임이 있는

wolfSSL

예약하다

2026. 02. 17.

공개

2026. 03. 19.

모더레이션

수락

항목

VDB-351741

CPE

준비됨

CWE

CWE-358 (확인됨)

CVSS

7.5 (NVD)

EPSS

0.00023

KEV

아니요

활동

매우 낮음

출처

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-2645
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-2645
CVE Details	https://www.cvedetails.com/cve/CVE-2026-2645/

◂ 이전 개요 다음 ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!