Question 1

What is CVE-2026-6681 — CVE-2026-6681?

Accepted Answer

The PKCS#7 decode path ignores the caller-supplied output buffer size (outputSz), allowing decoded content to be written past the bounds of the provided buffer. This affects wolfSSL 5.9.0 and earlier and was fixed in the 5.9.1 release.

Question 2

What is the authoritative source for CVE-2026-6681?

Accepted Answer

CVE-2026-6681 (CVE-2026-6681) is catalogued in NVD + CISA KEV + FIRST EPSS and curated for EU compliance use cases by SQUR.

CVE-2026-6681CVE-2026-6681

Description

Scoring