CVE-2026-3503

MEDIUM EPSS 4.8%
Published Mar 19, 20263mo ago · Modified Jun 17, 20262w ago
4.3 CVSS 4.0
Medium
Find Similar
Published Mar 19, 2026 3mo ago
Last Modified Jun 17, 2026 2w ago

Description

Protection mechanism failure in wolfCrypt post-quantum implementations (ML-KEM and ML-DSA) in wolfSSL on ARM Cortex-M microcontrollers allows a physical attacker to compromise key material and/or cryptographic outcomes via induced transient faults that corrupt or redirect seed/pointer values during Keccak-based expansion. This issue affects wolfSSL (wolfCrypt): commit hash d86575c766e6e67ef93545fa69c04d6eb49400c6.

CVSS Details

Base Score
4.3
Exploitability
Impact
Vector string
CVSS:4.0/AV:P/AC:H/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber
Attack Vector Physical
Attack Complexity High
Privileges Required None
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
4.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-335

Affected Products 1

VendorProductVersionRange
wolfsslwolfssl*≥5.8.2  –  <5.9.0

References 1

  • github.com https://github.com/wolfSSL/wolfssl/pull/9734
    Issue TrackingPatch

Remediation

  • github.com https://github.com/wolfSSL/wolfssl/pull/9734
    Issue TrackingPatch