{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5479", "assignerOrgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "state": "PUBLISHED", "assignerShortName": "wolfSSL", "dateReserved": "2026-04-03T08:22:18.791Z", "datePublished": "2026-04-10T02:38:39.918Z", "dateUpdated": "2026-04-10T13:44:05.956Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "shortName": "wolfSSL", "dateUpdated": "2026-04-10T02:38:39.918Z"}, "title": "wolfSSL EVP ChaCha20-Poly1305 AEAD authentication tag", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-354", "description": "CWE-354 Improper Validation of Integrity Check Value", "type": "CWE"}]}], "affected": [{"vendor": "wolfSSL", "product": "wolfSSL", "repo": "https://github.com/wolfSSL/wolfssl", "programFiles": ["wolfcrypt/src/evp.c"], "versions": [{"status": "affected", "version": "0", "lessThan": "5.9.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSL_EVP_CipherFinal (and related EVP cipher finalization functions) fails to verify the authentication tag before returning plaintext to the caller. When an application uses the EVP API to perform ChaCha20-Poly1305 decryption, the implementation computes or accepts the tag but does not compare it against the expected value.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSL_EVP_CipherFinal (and related EVP cipher finalization functions) fails to verify the authentication tag before returning plaintext to the caller. When an application uses the EVP API to perform ChaCha20-Poly1305 decryption, the implementation computes or accepts the tag but does not compare it against the expected value.</p>"}]}], "references": [{"url": "https://github.com/wolfSSL/wolfssl/pull/10102"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "ADJACENT", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 7.6, "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"}}], "credits": [{"lang": "en", "value": "Calif.io in collaboration with Claude and Anthropic Research", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-10T13:43:58.125541Z", "id": "CVE-2026-5479", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-10T13:44:05.956Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-5479", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-10T13:43:58.125541Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-10T13:44:02.475Z"}}], "cna": {"title": "wolfSSL EVP ChaCha20-Poly1305 AEAD authentication tag", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Calif.io in collaboration with Claude and Anthropic Research"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.6, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/wolfSSL/wolfssl", "vendor": "wolfSSL", "product": "wolfSSL", "versions": [{"status": "affected", "version": "0", "lessThan": "5.9.1", "versionType": "semver"}], "programFiles": ["wolfcrypt/src/evp.c"], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/wolfSSL/wolfssl/pull/10102"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSL_EVP_CipherFinal (and related EVP cipher finalization functions) fails to verify the authentication tag before returning plaintext to the caller. When an application uses the EVP API to perform ChaCha20-Poly1305 decryption, the implementation computes or accepts the tag but does not compare it against the expected value.", "supportingMedia": [{"type": "text/html", "value": "<p>In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSL_EVP_CipherFinal (and related EVP cipher finalization functions) fails to verify the authentication tag before returning plaintext to the caller. When an application uses the EVP API to perform ChaCha20-Poly1305 decryption, the implementation computes or accepts the tag but does not compare it against the expected value.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-354", "description": "CWE-354 Improper Validation of Integrity Check Value"}]}], "providerMetadata": {"orgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "shortName": "wolfSSL", "dateUpdated": "2026-04-10T02:38:39.918Z"}}}, "cveMetadata": {"cveId": "CVE-2026-5479", "state": "PUBLISHED", "dateUpdated": "2026-04-10T13:44:05.956Z", "dateReserved": "2026-04-03T08:22:18.791Z", "assignerOrgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "datePublished": "2026-04-10T02:38:39.918Z", "assignerShortName": "wolfSSL"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSL_EVP_CipherFinal (and related EVP cipher finalization functions) fails to verify the authentication tag before returning plaintext to the caller. When an application uses the EVP API to perform ChaCha20-Poly1305 decryption, the implementation computes or accepts the tag but does not compare it against the expected value."}], "id": "CVE-2026-5479", "lastModified": "2026-04-10T04:17:16.930", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "facts@wolfssl.com", "type": "Secondary"}]}, "published": "2026-04-10T04:17:16.930", "references": [{"source": "facts@wolfssl.com", "url": "https://github.com/wolfSSL/wolfssl/pull/10102"}], "sourceIdentifier": "facts@wolfssl.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-354"}], "source": "facts@wolfssl.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,5.9.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "wolfSSL", "source": "cna", "vendor": "wolfSSL"}, "product": "wolfssl", "vendor": "wolfssl"}], "analysis": {"en": {"generated_at": "2026-04-10T04:50:51.295610+00:00", "value": {"mitigation_remediation": ["Upgrade wolfSSL to a version that contains the fix from PR\u202f10102 or later.", "If an upgrade is not immediately possible, manually verify the ChaCha20\u2011Poly1305 authentication tag before accepting decrypted data.", "Consider disabling Chacha20\u2011Poly1305 usage in affected applications until the library is updated.", "Monitor the wolfSSL release stream for patched versions and apply updates promptly.", "After update, test encrypted communications to confirm proper tag verification."], "summary": {"action": "Immediate Patch", "impact": "Authentication failure allowing tampered data to be accepted"}, "threat_synthesis": {"affected_systems": "The flaw affects the wolfSSL library for any builds that employ ChaCha20-Poly1305 via the EVP interface. Version information is not specified, so all releases before the fix in PR\u202f10102 should be treated as potentially vulnerable until a patched release is deployed.", "description_and_impact": "The vulnerability resides in wolfSSL\u2019s EVP API, where ChaCha20-Poly1305 decryption does not verify the authentication tag before returning plaintext. An attacker who can supply a forged tag can cause the application to accept corrupted data, compromising data integrity and potentially revealing confidential information if the ciphertext is controlled.", "risk_and_exploitability": "The CVSS score of 7.6 indicates medium\u2011high severity. EPSS is not available and the vulnerability is not in KEV, yet the attack path is straightforward: an application using wolfSSL for ChaCha20\u2011Poly1305 can be subverted by providing a malformed authentication tag. Because wolfSSL is widely used in embedded, IoT, and network services, the impact could be significant for any environment that does not apply the patch."}}}}, "created": "2026-04-10T08:35:58.743154+00:00", "updated": "2026-04-10T09:27:00.307728+00:00", "vendors": ["wolfssl", "wolfssl$PRODUCT$wolfssl"]}