6.3
wolfSSL: Experimental Certificate Parsing Problem
CVE-2026-5393
Summary
A crafted input can cause wolfSSL to read memory outside its intended bounds. The out-of-bounds read occurs while wolfSSL processes a dual-algorithm CertificateVerify message, and only in builds configured with both --enable-experimental and --enable-dual-alg-certs. If you use wolfSSL with those experimental features enabled, consider disabling them until a fix is available.
Original title
Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVerify message, an out-of-bounds read can occur on crafted input. This can only occur when --enable-...
Original description
Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVerify message, an out-of-bounds read can occur on crafted input. This can only occur when --enable-experimental and --enable-dual-alg-certs are used when building wolfSSL.
NVD CVSS 4.0
6.3
Vulnerability type
CWE-125
Out-of-bounds Read
Published: 10 Apr 2026 · Updated: 10 Apr 2026 · First seen: 10 Apr 2026