CVE Catalog

CVE-2026-6678

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

6th percentile — higher than 6% of all known CVEs

Summary

Integer underflow in wc_PKCS7_DecryptOri when processing crafted Other Recipient Info, leading to incorrect length handling during decryption.

Risk Assessment

An attacker could exploit this vulnerability to decrypt data or cause unexpected behavior, potentially compromising the confidentiality or integrity of communications.

Recommendation

Immediately update the wolfSSL library to a version containing the fix for CVE-2026-6678 and verify proper handling of PKCS#7 messages.

Original NVD description (English source)

Integer underflow in wc_PKCS7_DecryptOri when handling crafted Other Recipient Info, leading to incorrect length handling during decryption.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS