Post-Quantum Implementation Vulnerability in wolfSSL for ARM Cortex-M Microcontrollers
CVE-2026-3503
4.3 MEDIUM
What is CVE-2026-3503?
The wolfCrypt post-quantum implementations (ML-KEM and ML-DSA) used in wolfSSL on ARM Cortex-M microcontrollers are vulnerable to fault injection. A physical attacker can induce transient faults that corrupt or redirect critical seed or pointer values during the Keccak-based expansion process, potentially compromising cryptographic keys or the integrity of cryptographic results.
Affected Version(s)
wolfSSL (wolfCrypt) ARM 5.8.2
CVSS V4
Score: 4.3
Severity: MEDIUM
Confidentiality: High
Integrity: Low
Availability: None
Attack Vector: Physical
Attack Complexity: High
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Hariprasad Kelassery Valsaraj of Temasek Laboratories
