AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

OR
          *cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:* versions from (including) 4.6.0 up to (excluding) 5.9.2

wolfSSL Inc.: https://github.com/wolfSSL/wolfssl/pull/10554 Types: Issue Tracking, Patch

wolfSSL Inc.: https://www.wolfssl.com/docs/security-vulnerabilities/ Types: Vendor Advisory

{"timestamp":"2026-06-26T10:33:57.969052Z","id":"CVE-2026-10098","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}

OCSP CertID serial-number length-confusion in wolfSSL_OCSP_resp_find_status allows a same-issuer SingleResponse whose serial is a prefix of the target serial to be reported as the revocation status of a different certificate. The lookup compared serial-number bytes without first requiring the two serial numbers to be of equal length, so a SingleResponse for one certificate (same issuer) whose serial is a prefix of the target's serial would match, returning the wrong certificate's status. The fix requires the serial lengths to be equal before comparing the serial bytes.

AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-295

https://github.com/wolfSSL/wolfssl/pull/10554

https://www.wolfssl.com/docs/security-vulnerabilities/

[{"vendor":"wolfSSL","product":"wolfSSL","defaultStatus":"unaffected","collectionURL":"https://github.com/wolfSSL/wolfssl","versions":[{"version":"4.6.0","lessThanOrEqual":"5.9.1","versionType":"semver","status":"affected"}]}]