CVE-2026-5393 · CRITICAL 9.1 · EPSS p9.2%

Description

Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVerify message, an out-of-bounds read can occur on crafted input. This can only occur when --enable-experimental and --enable-dual-alg-certs are used when building wolfSSL.

Scoring

CVSS 3.1: 9.1 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS: 0.19% probability of exploitation · percentile 9.2% · 2026-06-19T12:03:05Z
Published: 2026-04-10
Last modified: 2026-04-29

Underlying weaknesses · 1

CWE-125

References

  1. https://github.com/wolfSSL/wolfssl/pull/10079

Type | Target | Confidence | Tier
Weakness | Out-of-bounds Read cwe-125 | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-5188
  2. CVE-2026-3548
  3. CVE-2026-3549
  4. CVE-2026-2646
  5. CVE-2026-5479
  6. CVE-2026-5501

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.