wolfssl security advisories
3 threat alerts tracking vulnerabilities and security advisories that affect wolfssl products.
Vulnios monitors wolfssl CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent wolfssl security news in one place, or click into an individual alert for full detail.
Critical Vulnerability: CVE-2026-6094 — wolfssl — wolfssl
Heap buffer overread in wc_PKCS7_DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS.
criticalCVE-2026-6094Critical Vulnerability: CVE-2026-7531 — wolfssl — wolfssl
Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 (released in 5.9.1): a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still
criticalCVE-2026-7531Critical Vulnerability: CVE-2017-2800 — wolfssl — wolfssl
A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL through 3.10.2 resulting in potential certificate validation vulnerabilities, denial of service and poss
criticalCVE-2017-2800
Track wolfssl exposure across your environment
Vulnios automatically cross-references your asset inventory against new wolfssl CVEs and surfaces only what affects you. No more sifting manually — actionable findings only.
Start a free scan