VDB
CVE-2026-5392
CVE-2026-5392
PUBLISHED
CVSS 2.3 LOW
Reported by wolfSSL · Published April 9, 2026
Heap out-of-bounds read in PKCS7 parsing. A crafted PKCS7 message can trigger an OOB read on the heap. The missing bounds check is in the indefinite-length end-of-content verification loop in PKCS7_VerifySignedData().
EPSS 0.02% · 3.2th percentile
Risk Scores
CVSS v4.0
2.3
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
EPSS Score
0.02%
3.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| wolfSSL | wolfSSL | 0 |
| wolfSSL | wolfSSL | 0 |
Timeline
- Apr 9, 2026 CVE Published
- Apr 10, 2026 EPSS Score
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
- May 25, 2026 EPSS Score
- May 26, 2026 EPSS Score
- May 27, 2026 EPSS Score