Integer Underflow in Decryption Algorithm of wolfSSL
CVE-2026-6678

1LOW

Key Information:

Vendor: Wolfssl
Status: Wolfssl
Vendor: CVE Published:; 25 June 2026

What is CVE-2026-6678?

The vulnerability pertains to an integer underflow in the wc_PKCS7_DecryptOri function within wolfSSL. This flaw involves improper handling of crafted Other Recipient Info, which can result in incorrect length management during decryption procedures. Such vulnerabilities expose security weaknesses that can be exploited, leading to potential unauthorized data access or manipulation.

Affected Version(s)

wolfSSL 3.15.5 <= 5.9.1

References

https://github.com/wolfSSL/wolfssl/pull/10203

patch

https://www.wolfssl.com/docs/security-vulnerabilities/

CVSS V4

Score:

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 25, 2026
Vulnerability Reserved
Apr 20, 2026

Credit

Dikai Zou

CVE-2026-6678 Data

JSON