CVE-2026-6094

CVE-2026-6094CVE-2026-6094

Description

Heap buffer overread in wc_PKCS7_DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS.

Scoring

Last modified2026-06-25
Sourced from NVD. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.