CVE-2026-6678
Modified Modified - Updated After Analysis

Integer Underflow in wolfSSL PKCS#7 Decryption

Vulnerability report for CVE-2026-6678, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-25

Last updated on: 2026-07-01

Assigner: wolfSSL Inc.

Description

Integer underflow in wc_PKCS7_DecryptOri when handling crafted Other Recipient Info, leading to incorrect length handling during decryption.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-25
Last Modified
2026-07-01
Generated
2026-07-16
AI Q&A
2026-06-26
EPSS Evaluated
2026-07-14
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
wolfssl wolfssl From 3.15.5 (inc) to 5.9.2 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-191 The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Detection Guidance

There is no specific information provided about detection methods or commands to identify this vulnerability on a network or system.

Executive Summary

This vulnerability is an integer underflow occurring in the function wc_PKCS7_DecryptOri when it processes crafted Other Recipient Info. This flaw causes incorrect length handling during the decryption process.

Impact Analysis

The vulnerability leads to incorrect length handling during decryption, which may cause unexpected behavior or errors in the decryption process. However, the CVSS base score is low (1.0), indicating a limited impact.

Mitigation Strategies

To mitigate this vulnerability, you should update your wolfSSL library to include the fixes merged in the pull request #10203 on April 24, 2026.

This update addresses multiple issues in the PKCS#7 implementation, including adding missing length validations, bounds checks for RecipientInfo SET length, nonce length validation, and other hardening measures that prevent the integer underflow vulnerability.

Applying this patch or upgrading to a version of wolfSSL that includes these fixes will help prevent exploitation of the integer underflow in wc_PKCS7_DecryptOri.

Compliance Impact

The provided information does not specify any impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6678. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart