wolfSSL: Man-in-the-middle attack on encrypted data

CVE-2026-5500 · CVSS 4.0 score 8.7
Summary

An attacker can intercept and modify encrypted data, potentially allowing them to access sensitive information. This affects users of wolfSSL, a cryptographic library used in various systems. To protect your data, consider updating to a secure version of wolfSSL or using an alternative library.

Original title
wolfSSL's wc_PKCS7_DecodeAuthEnvelopedData() does not properly sanitize the AES-GCM authentication tag length received and has no lower bounds check. A man-in-the-middle can therefore truncate the ...
Original description
wolfSSL's wc_PKCS7_DecodeAuthEnvelopedData() does not properly sanitize the AES-GCM authentication tag length received and has no lower bounds check. A man-in-the-middle can therefore truncate the mac field from 16 bytes to 1 byte, reducing the tag check from 2⁻¹²⁸ to 2⁻⁸.
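As an added illustration (hypothetical code, not wolfSSL's), a minimal parser for the CMS mac OCTET STRING that carries the AES-GCM tag, showing the weak upper-bound-only check beside one that also enforces a lower bound. The 12..16 octet range is the AES-GCM ICVlen allowed by RFC 5084; the sample mac fields are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical illustration, not wolfSSL's code. RFC 5084 limits the AES-GCM
 * ICV carried in a CMS AuthEnvelopedData mac field to 12..16 octets. */
#define GCM_TAG_MIN 12
#define GCM_TAG_MAX 16

/* Parse a DER OCTET STRING (short-form length) holding the mac field.
 * Returns the tag length, or -1 on malformed or out-of-range input.
 * enforce_min == 0 reproduces the weak pattern described above: only an
 * upper bound is applied, so a tag truncated to 1 byte is still accepted. */
int parse_mac_field(const unsigned char *der, size_t der_len,
                    int enforce_min, const unsigned char **tag_out)
{
    if (der == NULL || der_len < 2 || der[0] != 0x04) return -1;
    size_t len = der[1];
    if (len > 0x7f || len > der_len - 2) return -1;   /* bad length / truncated */
    if (len > GCM_TAG_MAX) return -1;                 /* upper bound */
    if (enforce_min && len < GCM_TAG_MIN) return -1;  /* the missing lower bound */
    if (tag_out) *tag_out = der + 2;
    return (int)len;
}

/* Constructed sample mac fields: a full 16-byte tag and one cut down to 1 byte. */
static const unsigned char mac_full[] = { 0x04, 0x10,
    0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
    0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10 };
static const unsigned char mac_trunc[] = { 0x04, 0x01, 0x01 };

int main(void)
{
    const unsigned char *t;
    int weak   = parse_mac_field(mac_trunc, sizeof mac_trunc, 0, &t);
    int strict = parse_mac_field(mac_trunc, sizeof mac_trunc, 1, &t);
    /* weak accepts a 1-byte tag (2^-8 forgery odds per guess); strict rejects it */
    printf("weak check: %d, strict check: %d\n", weak, strict);
    return 0;
}
```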
NVD CVSS 4.0 score: 8.7
Vulnerability type
CWE-20 Improper Input Validation
Published: 10 Apr 2026 · Updated: 10 Apr 2026 · First seen: 10 Apr 2026