CVE-2026-6681
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk17th percentile — higher than 17% of all known CVEs
Summary
In the PKCS#7 decode path of the wolfSSL library, the caller-supplied output buffer size (outputSz) is ignored, allowing decoded content to be written past the bounds of the provided buffer. This affects wolfSSL version 5.9.0 and earlier, and was fixed in release 5.9.1.
Risk Assessment
An attacker could exploit this vulnerability to cause a buffer overflow, potentially leading to application crashes, data corruption, or remote code execution in the context of the process using the wolfSSL library.
Recommendation
Immediately update the wolfSSL library to version 5.9.1 or later, which includes a fix for this vulnerability.
Original NVD description (English source)
The PKCS#7 decode path ignores the caller-supplied output buffer size (outputSz), allowing decoded content to be written past the bounds of the provided buffer. This affects wolfSSL 5.9.0 and earlier and was fixed in the 5.9.1 release.

