CVE-2026-5479
Published: 10 April 2026
Description
In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSL_EVP_CipherFinal (and related EVP cipher finalization functions) fails to verify the authentication tag before returning plaintext to the caller. When an application uses the EVP API to perform ChaCha20-Poly1305 decryption, the implementation computes or accepts the tag but does not compare it against the expected value.
Likely Mitigating Controls (AI)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Proper validation of integrity check values is required for reliable tamper detection, directly reducing undetected modification risks.
Requires validation of integrity check values on every resolution response, directly mitigating tampered or corrupted DNS data.
Control mandates proper validation of integrity values (checksums) on prepared data, making flawed validation of those checks ineffective for attackers.
Requires use of proper integrity verification tools, reducing the chance an incorrect check value is accepted.
Requires proper validation of integrity mechanisms, directly mitigating flawed check-value handling.
Security Summary (AI)
CVE-2026-5479 is a vulnerability in the wolfSSL cryptographic library's EVP layer, specifically affecting the ChaCha20-Poly1305 AEAD decryption path in the wolfSSL_EVP_CipherFinal function and related EVP cipher finalization functions. The issue arises because the implementation computes or accepts the authentication tag during decryption but fails to verify it against the expected value before returning plaintext to the caller. This flaw, classified under CWE-354 (Improper Validation of Integrity Check Value), impacts applications that use the wolfSSL EVP API for ChaCha20-Poly1305 decryption.
An attacker can exploit this vulnerability by supplying a malformed or tampered ciphertext to an application performing ChaCha20-Poly1305 decryption via the affected wolfSSL EVP functions. Since the authentication tag is not properly checked, the application will accept invalid plaintext as authentic, potentially allowing the attacker to have forged or modified data decrypted and processed without detection. Exploitation requires the attacker to have the ability to provide ciphertext input to the decryption routine, such as in network protocols or file processing scenarios that rely on wolfSSL for this cipher suite.
A pull request addressing the issue is available at https://github.com/wolfSSL/wolfssl/pull/10102, which presumably implements the necessary authentication tag verification fix for the EVP layer's ChaCha20-Poly1305 decryption path. Security practitioners should review and apply this patch to affected wolfSSL versions to mitigate the risk.
Details
- CWE(s)
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
Auth tag bypass in ChaCha20-Poly1305 decryption directly enables undetected tampering of ciphertext supplied via network protocols, facilitating MITM data manipulation.