Out of Bounds Read Vulnerability in wolfSSHd on Windows
CVE-2026-0930

2.3 LOW

Key Information:

Vendor: wolfSSL

Status
Vendor
CVE Published: 20 April 2026

What is CVE-2026-0930?

An out-of-bounds read in wolfSSHd on Windows allows an authenticated user to leak adjacent stack memory. The read is triggered while the server processes a terminal resize request, after the user has successfully established a connection. The leaked memory may contain sensitive data, which puts the security of the application at risk.

Affected Version(s)

wolfSSH 1.4.15 < 1.5.0

CVSS V4

Score: 2.3
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Luigino Camastra
Pavel Kohout