Out-of-Bounds Read Vulnerability in wolfSSL Affected by ALPN Parsing
CVE-2026-3547

7.5HIGH

Key Information:

Vendor: Wolfssl
Status: Wolfssl
Vendor: CVE Published:; 19 March 2026

What is CVE-2026-3547?

A significant security vulnerability exists in wolfSSL due to an out-of-bounds read in ALPN parsing, which arises from inadequate validation. When built with ALPN enabled, wolfSSL versions 5.8.4 and earlier are particularly vulnerable. This flaw can be exploited via a carefully crafted ALPN protocol list, leading to a potential denial of service by causing a process crash. Although ALPN is disabled by default, its activation for third-party compatibility features increases the risk of exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

wolfSSL ALPN-enabled builds (HAVE_ALPN / --enable-alpn) 0 < 5.9.0

References

https://github.com/wolfSSL/wolfssl/pull/9859

patch

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 19, 2026
Vulnerability Reserved
Mar 4, 2026

Credit

Oleh Konko

JSON

Wolfssl

What is CVE-2026-3547?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.