Integer Underflow Vulnerability in wolfSSL Affects X.509 Certificate Parsing
CVE-2026-5188
2.3 LOW
What is CVE-2026-5188?
An integer underflow vulnerability exists in wolfSSL's handling of the Subject Alternative Name (SAN) extension in X.509 certificates. The issue arises when a malformed certificate declares an entry length that exceeds the enclosing sequence, causing the internal remaining-length counter to be decremented past zero during parsing. As a result, certificate data may be mishandled, posing a potential security risk. This vulnerability affects only configurations using the original ASN.1 parsing implementation, which is disabled by default.
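As an added illustration (not wolfSSL's own code), the following C snippet shows the remaining-length arithmetic the advisory describes and the bounds check that prevents the underflow; the function names, the short-form-only DER handling and the sample SAN bytes are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* The arithmetic at the heart of the bug: subtract one entry's size from the
 * bytes still unread in the enclosing SEQUENCE. Without the check, an entry
 * larger than `remaining` wraps the unsigned counter instead of failing. */
size_t remaining_after_entry(size_t remaining, size_t entrySize, int checked, int *ok)
{
    if (checked && entrySize > remaining) { *ok = 0; return remaining; }
    *ok = 1;
    return remaining - entrySize;  /* wraps modulo SIZE_MAX + 1 when unchecked */
}

/* Count the GeneralName entries of a SAN SEQUENCE (short-form DER lengths
 * only, i.e. < 128 bytes, to keep the example small), rejecting any entry
 * whose declared length exceeds what is left of the enclosing SEQUENCE.
 * Returns the entry count, or -1 for malformed input. */
int san_count_entries(const uint8_t *san, size_t sanLen)
{
    size_t seqLen, idx = 2, remaining;
    int count = 0, ok;
    if (sanLen < 2 || san[0] != 0x30 || san[1] >= 0x80) return -1; /* SEQUENCE, short len */
    seqLen = san[1];
    if (seqLen > sanLen - 2) return -1;                  /* SEQUENCE must fit the buffer */
    remaining = seqLen;
    while (remaining > 0) {
        size_t entryLen;
        if (remaining < 2 || san[idx + 1] >= 0x80) return -1;   /* tag + short length */
        entryLen = san[idx + 1];
        /* 2 bytes of entry header are consumed before the content is checked */
        remaining = remaining_after_entry(remaining - 2, entryLen, 1, &ok);
        if (!ok) return -1;                              /* entry exceeds SEQUENCE */
        idx += 2 + entryLen;
        count++;
    }
    return count;
}

/* Constructed sample SAN values (not from any real certificate):
 * two dNSName ([2]) entries; the second sample declares 0x7f bytes for an
 * entry inside an 8-byte SEQUENCE, the malformation the advisory describes. */
const uint8_t SAN_OK[]  = {0x30,0x08, 0x82,0x02,'e','x', 0x82,0x02,'i','o'};
const uint8_t SAN_BAD[] = {0x30,0x08, 0x82,0x7f,'e','x', 0x82,0x02,'i','o'};
```

Calling `remaining_after_entry(6, 127, 0, &ok)` shows the unchecked counter wrapping to a value near SIZE_MAX, which is the condition the advisory calls an integer underflow; with the check enabled the same input is rejected.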
Affected Version(s)
wolfSSL 0 <= version <= 5.9.0
CVSS v4
Score: 2.3
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: High
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown
Credit
Discovered by Muhammad Arya Arjuna Habibullah
