CVE-2026-5188

Severity: Low · EPSS 3.3%
Published Apr 10, 2026 (2mo ago) · Modified Jun 17, 2026 (1w ago)
CVSS 4.0 base score: 2.3 (Low)

Description

An integer underflow issue exists in wolfSSL when parsing the Subject Alternative Name (SAN) extension of X.509 certificates. A malformed certificate can specify an entry length larger than the enclosing sequence, causing the internal length counter to wrap during parsing. This results in incorrect handling of certificate data. The issue is limited to configurations that use the original ASN.1 parsing implementation, which is off by default.

CVSS Details

Base Score: 2.3
Exploitability:
Impact:
Vector string: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: P (Passive)
Scope: X

Threat Intelligence

EPSS Exploit Probability: 3.3%
EPSS Percentile:
Exploit & Patch Status: No Known Exploit; Patch Available

Weaknesses (1)

CWE-191: Integer Underflow (Wrap or Wraparound)

Affected Products (1)

Vendor  | Product | Version | Range
wolfssl | wolfssl | *       | <5.9.1

References (1)

  • github.com https://github.com/wolfSSL/wolfssl/pull/10024
    Issue Tracking, Patch

Remediation

  • github.com https://github.com/wolfSSL/wolfssl/pull/10024
    Issue Tracking, Patch