What is CVE-2026-5504?

CVE-2026-5504 is a medium-severity vulnerability in Wolfssl, classified under Improper Validation of Integrity Check Value. CVSS score: 5.3/10. Published 2026-04-09.

How severe is CVE-2026-5504?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Vulnerability in Wolfssl

CVE-2026-5504

A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfSSL the interior padding bytes are not va…

EPSS: 0.000 (5.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Wolfssl — versions 0

Weakness classification (CWE)

CWE-354 — Improper Validation of Integrity Check Value

References

facts@wolfssl.com (Patch, Issue Tracking)

Frequently asked questions

What is CVE-2026-5504?: CVE-2026-5504 is a medium-severity vulnerability in Wolfssl, classified under Improper Validation of Integrity Check Value. CVSS score: 5.3/10. Published 2026-04-09.
How severe is CVE-2026-5504?: Medium severity. CVSS v3 base score is 5.3 out of 10.