Buffer Overflow Vulnerability in wolfSSL Affects Multiple Versions
CVE-2026-6681
CVSS v4 score: 1 (LOW)
What is CVE-2026-6681?
A vulnerability exists in the PKCS#7 decoding path of wolfSSL: the implementation does not properly check the output buffer size specified by the caller, so decoded content can be written past the end of the buffer the caller allocated. This out-of-bounds write compromises the integrity and stability of applications relying on wolfSSL versions 5.9.0 and earlier. The vulnerability was addressed in version 5.9.1.
Affected Version(s)
wolfSSL 3.10.0 through 5.9.0 (inclusive)
CVSS v4
Score: 1
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown
Credit
Nicholas Carlini from Anthropic
