Use-After-Free Vulnerability in wolfSSL Products
CVE-2026-7531

2.3LOW

Key Information:

Vendor: Wolfssl
Status: Wolfssl
Vendor: CVE Published:; 25 June 2026

What is CVE-2026-7531?

A use-after-free vulnerability in wolfSSL's handling of PQC hybrid key-share can lead to security risks. This issue arises in the context of TLS 1.3 when a malicious server sends a truncated PQC hybrid KeyShare, which may cause the error cleanup path to operate on already freed memory. This vulnerability is part of an incomplete-fix follow-up to a previous issue, emphasizing the need for timely updates to mitigate potential exploits.

Affected Version(s)

wolfSSL 5.8.0 <= 5.9.1

References

https://github.com/wolfSSL/wolfssl/pull/10327

patch

https://www.wolfssl.com/docs/security-vulnerabilities/

CVSS V4

Score:

2.3

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 25, 2026
Vulnerability Reserved
Apr 30, 2026

Credit

Thai Duong (Calif.io / Anthropic)

CVE-2026-7531 Data

JSON