CVE-2026-3503
Fault Injection Vulnerability in wolfCrypt Post-Quantum ARM Cortex-M
Publication date: 2026-03-19
Last updated on: 2026-04-29
Assigner: wolfSSL Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wolfssl | wolfssl | From 5.8.2 (inc) to 5.9.0 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-335 | The product uses a Pseudo-Random Number Generator (PRNG) but does not correctly manage seeds. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-3503 is a fault injection vulnerability in the post-quantum cryptographic implementations ML-KEM (Kyber) and ML-DSA (Dilithium) within the wolfSSL library. It affects wolfCrypt on ARM Cortex-M microcontrollers. The vulnerability allows a physical attacker to induce transient faults that corrupt or redirect seed or pointer values during the Keccak-based expansion process, compromising key material or cryptographic outcomes.
The issue arises because the protection mechanisms in these cryptographic algorithms can be bypassed through fault attacks, which manipulate internal buffers or pointers to cause incorrect cryptographic computations.
How can this vulnerability impact me?
This vulnerability can allow a physical attacker with access to the device to compromise sensitive cryptographic key material or cause incorrect cryptographic results. This can lead to unauthorized decryption, signature forgery, or other cryptographic failures, undermining the security guarantees of the system using wolfSSL's post-quantum algorithms.
Such an attack could result in loss of confidentiality, integrity, and authenticity of data protected by these cryptographic primitives. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves fault injection attacks on post-quantum cryptographic implementations in wolfSSL on ARM Cortex-M microcontrollers. Detection typically requires monitoring for signs of induced transient faults or corrupted cryptographic operations at the hardware or firmware level.
Since the issue is related to physical fault injection and pointer/seed corruption during cryptographic operations, there are no specific network commands to detect it directly.
However, enabling fault hardening in the wolfSSL build (using the `--enable-faultharden` configuration option) introduces internal checks that can detect pointer tampering and buffer corruption during cryptographic operations. Monitoring logs or error reports from these internal checks can help identify exploitation attempts.
For system-level detection, you may consider using hardware debugging tools or fault injection detection mechanisms specific to your ARM Cortex-M microcontroller platform.
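The "internal checks that can detect pointer tampering and buffer corruption" are easier to reason about with a concrete pattern in front of you. The C below is an added illustration, not wolfSSL's code and not its `--enable-faultharden` implementation: `toy_expand` is a constructed stand-in for the Keccak-based expansion, and `hardened_expand`, `fault_hook_t` and the `demo_*` functions are names chosen here. It keeps an encoded shadow of the seed pointer and a checksum of the seed bytes, and refuses to release output if either no longer matches after the expansion step. The fault hook exists only so the two checks can be exercised in software.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Illustrative fault-hardening pattern (example code, not wolfSSL's):
 * redundant pointer shadow + seed checksum around a deterministic expansion. */

#define SEED_LEN 32
#define OUT_LEN  64
#define PTR_MASK ((uintptr_t)0xA5A5A5A5u)

enum {
    HARDEN_OK         =  0,   /* expansion completed, no fault detected */
    HARDEN_FAULT_PTR  = -1,   /* seed pointer no longer matches its shadow */
    HARDEN_FAULT_SEED = -2    /* seed bytes changed while expansion ran */
};

/* Test-only hook that lets a driver simulate a transient fault. */
typedef void (*fault_hook_t)(const uint8_t **seed_ptr, uint8_t *seed_buf);

/* Constructed stand-in for Keccak/SHAKE expansion: deterministic byte mixer. */
static void toy_expand(const uint8_t *seed, size_t seed_len,
                       uint8_t *out, size_t out_len)
{
    uint8_t acc = 0x5A;
    for (size_t i = 0; i < out_len; i++) {
        acc = (uint8_t)(acc * 31u + seed[i % seed_len] + (uint8_t)i);
        out[i] = acc;
    }
}

/* FNV-1a over the seed: cheap to run twice, sensitive to a single bit flip. */
static uint32_t seed_checksum(const uint8_t *seed, size_t len)
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < len; i++) {
        h ^= seed[i];
        h *= 16777619u;
    }
    return h;
}

int hardened_expand(uint8_t *seed_buf, uint8_t *out, fault_hook_t fault_hook)
{
    const uint8_t *seed = seed_buf;
    /* Capture an encoded shadow of the pointer and a checksum of the seed. */
    const uintptr_t shadow = (uintptr_t)seed ^ PTR_MASK;
    const uint32_t sum_before = seed_checksum(seed, SEED_LEN);

    if (fault_hook != NULL) {
        fault_hook(&seed, seed_buf);   /* simulated glitch between capture and use */
    }

    /* Check 1: the pointer about to be dereferenced must still match its shadow. */
    if (((uintptr_t)seed ^ PTR_MASK) != shadow) {
        memset(out, 0, OUT_LEN);       /* never release output from a bad pointer */
        return HARDEN_FAULT_PTR;
    }

    toy_expand(seed, SEED_LEN, out, OUT_LEN);

    /* Check 2: the seed must be unchanged after expansion, else output is suspect. */
    if (seed_checksum(seed_buf, SEED_LEN) != sum_before) {
        memset(out, 0, OUT_LEN);
        return HARDEN_FAULT_SEED;
    }
    return HARDEN_OK;
}

/* --- simulated faults and drivers (constructed inputs) --- */

static uint8_t g_decoy_seed[SEED_LEN];   /* all-zero buffer the pointer gets redirected to */

static void fault_redirect_pointer(const uint8_t **seed_ptr, uint8_t *seed_buf)
{
    (void)seed_buf;
    *seed_ptr = g_decoy_seed;            /* pointer redirected to another buffer */
}

static void fault_flip_seed_byte(const uint8_t **seed_ptr, uint8_t *seed_buf)
{
    (void)seed_ptr;
    seed_buf[3] ^= 0x01;                 /* single bit flip inside the seed */
}

static void fill_seed(uint8_t *seed)
{
    for (size_t i = 0; i < SEED_LEN; i++) seed[i] = (uint8_t)(0x10 + i);
}

int demo_no_fault(void)
{
    uint8_t seed[SEED_LEN], out[OUT_LEN];
    fill_seed(seed);
    return hardened_expand(seed, out, NULL);
}

int demo_pointer_fault(void)
{
    uint8_t seed[SEED_LEN], out[OUT_LEN];
    fill_seed(seed);
    return hardened_expand(seed, out, fault_redirect_pointer);
}

int demo_seed_fault(void)
{
    uint8_t seed[SEED_LEN], out[OUT_LEN];
    fill_seed(seed);
    return hardened_expand(seed, out, fault_flip_seed_byte);
}

int main(void)
{
    printf("no fault:      %d\n", demo_no_fault());
    printf("pointer fault: %d\n", demo_pointer_fault());
    printf("seed fault:    %d\n", demo_seed_fault());
    return 0;
}
```

The point of the pattern is that a single glitch has to corrupt both the live value and its independently stored shadow in a consistent way to go unnoticed; a checked failure returns a distinct error code and zeroes the output buffer, which is the kind of event firmware logging or an error counter can surface for the monitoring the answer above describes.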
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately update your wolfSSL library to version 5.9.0 or later, which includes patches that harden the ML-KEM (Kyber) and ML-DSA (Dilithium) implementations against fault injection attacks.
- Rebuild wolfSSL with the `--enable-faultharden` configuration option enabled to activate the fault hardening features.
- Ensure that the updated wolfSSL source files (`wc_mlkem.c`, `dilithium.c`, and `sha3.c`) with the fault hardening patches are applied.
- Deploy the updated and hardened wolfSSL library on all affected ARM Cortex-M microcontroller devices.
Additionally, consider implementing physical security measures to prevent fault injection attacks, such as shielding and tamper detection on the hardware.