AES-GCM Encryption Flaw in WolfSSL Streaming API
CVE-2026-55967

2LOW

Key Information:

Vendor: Wolfssl
Status: Wolfssl
Vendor: CVE Published:; 25 June 2026

What is CVE-2026-55967?

A critical flaw exists in the AES-GCM encryption and decryption mechanisms within the wolfSSL streaming APIs, which fails to reject extremely large cumulative single message sizes exceeding 64 GiB. This oversight potentially allows for counter wrap and keystream reuse, which can lead to serious security implications including the recovery of plaintext data. Users and developers utilizing affected versions should act swiftly to apply the necessary patches to safeguard their applications from unauthorized access.

Affected Version(s)

wolfSSL 4.8.0 <= 5.9.1

References

https://github.com/wolfSSL/wolfssl/pull/10709

patch

https://www.wolfssl.com/docs/security-vulnerabilities/

CVSS V4

Score:

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 25, 2026
Vulnerability Reserved
Jun 17, 2026

Credit

NVIDIA Project Vanessa

CVE-2026-55967 Data

JSON

Wolfssl

What is CVE-2026-55967?

Affected Version(s)

References

CVSS V4

Timeline

Credit