Improper input validation in Wolfssl
CVE-2026-5500
wolfSSL's wc_PKCS7_DecodeAuthEnvelopedData() does not properly sanitize the AES-GCM authentication tag length received and has no lower bounds check. A man-in-the-middle can therefore truncate the mac field from 16 bytes to 1 byte, reducin…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.001 (23.8th percentile) — read the EPSS interpretation.
Affected products
- Wolfssl — versions 0