What's the vulnerability?

wolfSSL's EVP compatibility API for ChaCha20-Poly1305 decryption (wolfSSL_EVP_CipherFinal on the AEAD path) returns the decrypted plaintext to the caller without verifying that the Poly1305 authentication tag matches. The AEAD's authenticity guarantee — the entire point of using an authenticated cipher — silently disappears.

Concretely: a consumer that uses the EVP API in the standard pattern (EVP_DecryptInit_ex → EVP_DecryptUpdate → EVP_DecryptFinal_ex, or the streaming EVP_CipherUpdate/EVP_CipherFinal equivalents) and ends with a tag check sees EVP_DecryptFinal_ex return success on every input — including ciphertexts with a tag that doesn't match, including ciphertexts where individual bytes have been flipped. Any active network attacker on the wire (or anyone supplying ciphertext to such a consumer) can forge messages that the application will treat as integrity-validated. Network adjacency (CVSS AV:A) reflects the typical deployment where wolfSSL EVP is used as a TLS-record / packet-AEAD primitive, not the strict TLS handshake path.


One Command

Verify with pruva-verify

Run the Pruva CLI to automatically fetch and execute the reproduction script.

pruva-verify REPRO-2026-00172
or pruva-verify CVE-2026-5479
Install: curl -fsSL https://pruva.dev/install.sh | sh

Or Run Manually

1. Download the script

curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00172/artifacts/bundle/repro/reproduction_steps.sh

2. Make executable

chmod +x reproduction_steps.sh

3. Run the script

./reproduction_steps.sh

Run in a VM, container, or disposable environment. This exploits a real vulnerability.
