cvedb.io
CVE-2026-5504
MEDIUM · CVSS 5.3
EPSS exploitation probability: 0%
Published 2026-04-09T23:17:01.400 · Last modified 2026-06-17T10:59:08.143

Summary

A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfSSL the interior padding bytes are not validated.

Affected products

wolfssl — wolfssl

Does this affect you?

Add your gear to cvedb and we'll alert you only when wolfssl ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.