Out-of-Bounds Heap Read Vulnerability in wolfSSL Products
CVE-2026-4159

1.2LOW

Key Information:

Vendor: Wolfssl
Status: Wolfssl
Vendor: CVE Published:; 19 March 2026

What is CVE-2026-4159?

A vulnerability exists in wolfSSL where a crafted CMS EnvelopedData message with zero-length encrypted content can trigger a 1-byte out-of-bounds heap read in the wc_PKCS7_DecodeEnvelopedData function. This could potentially lead to exposure of sensitive information or unintended behavior in applications using affected wolfSSL versions. Note that by default, PKCS7 support is disabled, mitigating the immediate risk for many users. Users are advised to upgrade to the latest versions to ensure their systems are secure.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

wolfSSL 0 < 5.9.0

References

https://github.com/wolfSSL/wolfssl/pull/9945

CVSS V4

Score:

1.2

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 19, 2026
Vulnerability Reserved
Mar 13, 2026

Credit

Haruto Kimura (Stella)

JSON

Wolfssl

What is CVE-2026-4159?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.