CVE Catalog
CVE-2026-6678
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk0.16%
6th percentile — higher than 6% of all known CVEs
Summary
Integer underflow in wc_PKCS7_DecryptOri when processing crafted Other Recipient Info, leading to incorrect length handling during decryption.
Risk Assessment
An attacker could exploit this vulnerability to decrypt data or cause unexpected behavior, potentially compromising the confidentiality or integrity of communications.
Recommendation
Immediately update the wolfSSL library to a version containing the fix for CVE-2026-6678 and verify proper handling of PKCS#7 messages.
Original NVD description (English source)
Integer underflow in wc_PKCS7_DecryptOri when handling crafted Other Recipient Info, leading to incorrect length handling during decryption.

