VDB

CVE-2026-3503

CVE-2026-3503 PUBLISHED CVSS 4.300000190734863 MEDIUM

Protection mechanism failure in wolfCrypt post-quantum implementations (ML-KEM and ML-DSA) in wolfSSL on ARM Cortex-M microcontrollers allows a physical attacker to compromise key material and/or cryptographic outcomes via induced transient faults that corrupt or redirect seed/pointer values during Keccak-based expansion. This issue affects wolfSSL (wolfCrypt): commit hash d86575c766e6e67ef93545fa69c04d6eb49400c6.

EPSS 0.01% · 0.8th percentile

Risk Scores

CVSS v4.0
4.300000190734863
CVSS:4.0/AV:P/AC:H/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N/U:Amber
EPSS Score
0.01%
0.8th percentile

Affected Products

VendorProductVersions
wolfSSL Inc.wolfSSL (wolfCrypt)5.8.2, 5.8.2, 5.8.2

Timeline

  • Mar 19, 2026 CVE Published
  • Mar 19, 2026 CVE Updated
  • Mar 20, 2026 EPSS Score
  • Mar 21, 2026 EPSS Score
  • Mar 21, 2026 Coalition ESS Score
  • Mar 22, 2026 EPSS Score
  • Mar 23, 2026 EPSS Score
  • Mar 24, 2026 EPSS Score
  • Mar 25, 2026 EPSS Score
  • Mar 29, 2026 Security Advisory
  • May 18, 2026 EPSS Score
  • May 19, 2026 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›