CVE-2026-3230

LOW EPSS 11.1%
Published Mar 19, 20263mo ago · Modified Mar 26, 20263mo ago
1.2 CVSS 4.0
Low
Find Similar
Published Mar 19, 2026 3mo ago
Last Modified Mar 26, 2026 3mo ago

Description

Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required key_share extension, resulting in derivation of predictable traffic secrets from (EC)DHE shared secret. This issue does not affect the client's authentication of the server during TLS handshakes.

CVSS Details

Base Score
1.2
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:D/RE:X/U:Clear
Attack Vector Network
Attack Complexity High
Privileges Required High
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
11.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-20 Improper Input Validation Validation

Affected Products 1

VendorProductVersionRange
wolfsslwolfssl* <5.9.0

References 1

  • github.com https://github.com/wolfSSL/wolfssl/pull/9754
    PatchIssue Tracking

Remediation

  • github.com https://github.com/wolfSSL/wolfssl/pull/9754
    PatchIssue Tracking