CVE-2026-3230
PUBLISHED
CVSS 1.2 LOW
Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required key_share extension, resulting in derivation of predictable traffic secrets from (EC)DHE shared secret. This issue does not affect the client's authentication of the server during TLS handshakes.
EPSS 0.08% · 22.9th percentile
Risk Scores
- CVSS v4.0: 1.2 (CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/AU:Y/R:A/V:D/U:Clear)
- EPSS Score: 0.08% (22.9th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| wolfssl | wolfssl | 0, 0, 0 |
| wolfSSL | wolfSSL | 0, 0, 0 |
Timeline
- Mar 19, 2026 CVE Published
- Mar 19, 2026 PoC Published
- Mar 20, 2026 EPSS Score
- Mar 20, 2026 CVE Updated
- Mar 21, 2026 EPSS Score
- Mar 22, 2026 EPSS Score
- Mar 22, 2026 Coalition ESS Score
- Mar 23, 2026 EPSS Score
- Mar 24, 2026 EPSS Score
- Mar 25, 2026 EPSS Score
- Mar 29, 2026 Security Advisory
- May 18, 2026 EPSS Score