GHSA-cj56-5c53-9qjf
A vulnerability exists in the OpenSSL compatibility builds of wolfSSL where the function wolfSSL_PKCS7_verify() incorrectly returns success for degenerate PKCS#7 objects that contain no signer. This means that signed-data verification can succeed without authenticating any content if the PKCS#7 object has empty signerInfos. The issue affects only the compatibility-layer verify path and is now fixed by rejecting such objects when no valid signer signature is verified, regardless of the PKCS7_NOVERIFY flag.
AI Analysis
Technical Summary
The wolfSSL_PKCS7_verify() function in OpenSSL compatibility builds of wolfSSL previously returned success for PKCS#7 objects that contained no signer information (empty signerInfos). This allowed the signed-data verification to succeed without any actual signature verification, effectively authenticating unsigned content. The vulnerability is specific to the compatibility-layer API PKCS7_verify() when used on degenerate (certs-only) PKCS#7 bundles. The fix enforces rejection of such objects if no signer signature is verified, independent of the PKCS7_NOVERIFY flag, which only suppresses certificate chain validation but does not waive the requirement for a signature.
Potential Impact
This vulnerability could allow an attacker to bypass signature verification by providing a PKCS#7 object with no valid signer signature, leading to false verification success and potential acceptance of unauthenticated content. This undermines the integrity guarantees of PKCS#7 signed data in affected wolfSSL OpenSSL compatibility builds.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Users should monitor wolfSSL advisories for an official fix. Until patched, avoid using the PKCS7_verify() compatibility API on untrusted or potentially degenerate PKCS#7 objects. The fix involves rejecting PKCS#7 objects with no valid signer signature regardless of the PKCS7_NOVERIFY flag.
GHSA-cj56-5c53-9qjf
Description
A vulnerability exists in the OpenSSL compatibility builds of wolfSSL where the function wolfSSL_PKCS7_verify() incorrectly returns success for degenerate PKCS#7 objects that contain no signer. This means that signed-data verification can succeed without authenticating any content if the PKCS#7 object has empty signerInfos. The issue affects only the compatibility-layer verify path and is now fixed by rejecting such objects when no valid signer signature is verified, regardless of the PKCS7_NOVERIFY flag.
CVSS v4.0
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The wolfSSL_PKCS7_verify() function in OpenSSL compatibility builds of wolfSSL previously returned success for PKCS#7 objects that contained no signer information (empty signerInfos). This allowed the signed-data verification to succeed without any actual signature verification, effectively authenticating unsigned content. The vulnerability is specific to the compatibility-layer API PKCS7_verify() when used on degenerate (certs-only) PKCS#7 bundles. The fix enforces rejection of such objects if no signer signature is verified, independent of the PKCS7_NOVERIFY flag, which only suppresses certificate chain validation but does not waive the requirement for a signature.
Potential Impact
This vulnerability could allow an attacker to bypass signature verification by providing a PKCS#7 object with no valid signer signature, leading to false verification success and potential acceptance of unauthenticated content. This undermines the integrity guarantees of PKCS#7 signed data in affected wolfSSL OpenSSL compatibility builds.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Users should monitor wolfSSL advisories for an official fix. Until patched, avoid using the PKCS7_verify() compatibility API on untrusted or potentially degenerate PKCS#7 objects. The fix involves rejecting PKCS#7 objects with no valid signer signature regardless of the PKCS7_NOVERIFY flag.
Technical Details
- Gcve Source
- db.gcve.eu
- Osv Id
- GHSA-cj56-5c53-9qjf
- Osv Schema Version
- 1.4.0
- Aliases
- ["CVE-2026-55961"]
- Ecosystems
- []
- Database Specific Severity
- HIGH
- Cvss Version
- 4.0
Threat ID: 6a3ef79027e9c79719ff6e90
Added to database: 06/26/2026, 22:05:04 UTC
Last enriched: 06/26/2026, 22:17:45 UTC
Last updated: 06/27/2026, 00:51:28 UTC
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.