CVE-2026-7532
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk3th percentile — higher than 3% of all known CVEs
Summary
A vulnerability in the wolfSSL library allows bypassing IP address name constraints when the WOLFSSL_IP_ALT_NAME macro is not defined. In this configuration, a certificate can violate IP address constraints imposed by a certificate authority.
Risk Assessment
The organization may be exposed to accepting unauthorized certificates, leading to potential communication interception or man-in-the-middle attacks.
Recommendation
Define the WOLFSSL_IP_ALT_NAME macro when compiling the wolfSSL library or update to a version where the vulnerability is fixed.
Original NVD description (English source)
iPAddress name constraints bypass when WOLFSSL_IP_ALT_NAME is not defined. IP address name constraints are not enforced in that configuration, allowing a certificate to bypass an issuing CA's IP address constraints.

