CVE-2026-6681

EUVD-2026-39556
The PKCS#7 decode path ignores the caller-supplied output buffer size (outputSz), allowing decoded content to be written past the bounds of the provided buffer. This affects wolfSSL 5.9.0 and earlier and was fixed in the 5.9.1 release.
Classic Buffer Overflow
Provider: wolfSSL
Type: CNA
Base Score: 1 LOW
Atk. Vector: ADJACENT
Atk. Complexity: LOW
Priv. Required: LOW
Vector: CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/U:Clear
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
Vendor: wolfssl
Product: wolfssl
Version: 3.10.0 ≤ x ≤ 5.9.0
Source: CNA