CVE Catalog

CVE-2026-7532

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.13%

3th percentile — higher than 3% of all known CVEs

Summary

A vulnerability in the wolfSSL library allows bypassing IP address name constraints when the WOLFSSL_IP_ALT_NAME macro is not defined. In this configuration, a certificate can violate IP address constraints imposed by a certificate authority.

Risk Assessment

The organization may be exposed to accepting unauthorized certificates, leading to potential communication interception or man-in-the-middle attacks.

Recommendation

Define the WOLFSSL_IP_ALT_NAME macro when compiling the wolfSSL library or update to a version where the vulnerability is fixed.

Original NVD description (English source)

iPAddress name constraints bypass when WOLFSSL_IP_ALT_NAME is not defined. IP address name constraints are not enforced in that configuration, allowing a certificate to bypass an issuing CA's IP address constraints.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS