Out-of-bounds Read in wolfSSL

CVE-2026-6094

Heap buffer overread in wc_PKCS7_DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS.

Vulnerability class: Buffer Overflow

Affected products

Weakness classification (CWE)

References