The vulnerability (CVE-2026-55962) affects TLS 1.3 servers using wolfSSL with post-handshake authentication enabled (WOLFSSL_POST_HANDSHAKE_AUTH / --enable-postauth) and configured to verify client certificates post-handshake (WOLFSSL_VERIFY_POST_HANDSHAKE). The issue is that the server could accept a client's Finished message without the client having sent the required Certificate and CertificateVerify messages during post-handshake authentication. This happens because the exemption allowing an empty or absent peer certificate was incorrectly applied beyond the initial handshake phase, specifically while a post-handshake CertificateRequest was outstanding. The fix scopes this exemption strictly to the initial handshake, requiring a valid peer certificate and CertificateVerify during post-handshake authentication, consistent with the configured verification mode (FAIL_IF_NO_PEER_CERT). Clients and servers not using post-handshake authentication are unaffected.

Affected TLS 1.3 servers may accept a client's Finished message without proper client certificate authentication during post-handshake authentication, potentially allowing unauthorized clients to complete the handshake phase without presenting valid credentials. This undermines the intended client authentication mechanism post-handshake. However, this only affects wolfSSL TLS 1.3 servers configured with post-handshake authentication support and client certificate verification after handshake. Clients and servers not using these features are not impacted.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, avoid enabling post-handshake authentication with client certificate requests on wolfSSL TLS 1.3 servers. Monitor vendor communications for updates and apply official patches or configuration changes once provided.