In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementation. The server could incorrectly accept the CertificateVerify message before the ClientKeyExchange message had been received. This issue affects wolfSSL before 5.8.4 (wolfSSL 5.8.2 and earlier is vulnerable, 5.8.4 is not vulnerable). In 5.8.4 wolfSSL would detect the issue later in the handshake. 5.9.0 was further hardened to catch the issue earlier in the handshake.
PUBLISHED5.2CWE-358
Acceptance of CertificateVerify Message before ClientKeyExchange in TLS 1.2
Problem type
Affected products
wolfSSL
wolfSSL
< 5.8.4 - AFFECTED
References
GitHub Security Advisories
GHSA-cwc7-2fmx-fffq
In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine...
https://github.com/advisories/GHSA-cwc7-2fmx-fffqIn wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementation. The server could incorrectly accept the CertificateVerify message before the ClientKeyExchange message had been received. This issue affects wolfSSL before 5.8.4 (wolfSSL 5.8.2 and earlier is vulnerable, 5.8.4 is not vulnerable). In 5.8.4 wolfSSL would detect the issue later in the handshake. 5.9.0 was further hardened to catch the issue earlier in the handshake.
JSON source
https://cveawg.mitre.org/api/cve/CVE-2026-2645Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2026-2645",
"assignerOrgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27",
"assignerShortName": "wolfSSL",
"dateUpdated": "2026-03-19T17:45:54.299Z",
"dateReserved": "2026-02-17T22:29:13.929Z",
"datePublished": "2026-03-19T17:10:22.919Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27",
"shortName": "wolfSSL",
"dateUpdated": "2026-03-19T17:10:22.919Z"
},
"datePublic": "2026-03-20T00:24:00.000Z",
"title": "Acceptance of CertificateVerify Message before ClientKeyExchange in TLS 1.2",
"descriptions": [
{
"lang": "en",
"value": "In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementation. The server could incorrectly accept the CertificateVerify message before the ClientKeyExchange message had been received. This issue affects wolfSSL before 5.8.4 (wolfSSL 5.8.2 and earlier is vulnerable, 5.8.4 is not vulnerable). In 5.8.4 wolfSSL would detect the issue later in the handshake. 5.9.0 was further hardened to catch the issue earlier in the handshake.",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "<p>In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementation. The server could incorrectly accept the CertificateVerify message before the ClientKeyExchange message had been received. This issue affects wolfSSL before 5.8.4 (wolfSSL 5.8.2 and earlier is vulnerable, 5.8.4 is not vulnerable). In 5.8.4 wolfSSL would detect the issue later in the handshake. 5.9.0 was further hardened to catch the issue earlier in the handshake.</p>"
}
]
}
],
"affected": [
{
"vendor": "wolfSSL",
"product": "wolfSSL",
"defaultStatus": "unaffected",
"versions": [
{
"version": "0",
"status": "affected",
"versionType": "semver",
"lessThan": "5.8.4"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "CWE-358: Improperly Implemented Security Check for Standard",
"cweId": "CWE-358",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://github.com/wolfSSL/wolfssl/pull/9694"
}
],
"impacts": [
{
"capecId": "CAPEC-218",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-218 Spoofing of Entities"
}
]
}
],
"metrics": [
{
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Kai Tian",
"type": "finder"
}
]
},
"adp": [
{
"providerMetadata": {
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP",
"dateUpdated": "2026-03-19T17:45:54.299Z"
},
"title": "CISA ADP Vulnrichment",
"metrics": [
{}
]
}
]
}
}