CVE-2026-5188HIGH 8.1EPSS p3.2%

CVE-2026-5188CVE-2026-5188

Description

An integer underflow issue exists in wolfSSL when parsing the Subject Alternative Name (SAN) extension of X.509 certificates. A malformed certificate can specify an entry length larger than the enclosing sequence, causing the internal length counter to wrap during parsing. This results in incorrect handling of certificate data. The issue is limited to configurations using the original ASN.1 parsing implementation which is off by default.

Scoring

CVSS 3.18.1 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
EPSS0.14% probability of exploitation · percentile 3.2% · 2026-06-19T12:03:05Z
Published2026-04-10
Last modified2026-04-29

Underlying weaknesses· 1

CWE-191

References

  1. https://github.com/wolfSSL/wolfssl/pull/10024

1

TypeTargetConfidenceTier
WeaknessInteger Underflow (Wrap or Wraparound)cwe-1910%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-5393
CVE
CVE-2026-3548
CVE
CVE-2026-2646
CVE
CVE-2026-3549
CVE
CVE-2026-5187
CVE
CVE-2026-5503
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.