CVE-2026-5393

CVE Database · CVE-2026-5393

CVE-2026-5393

· CRITICALAnalyzed

CVSS v3.1

9.1

CVSS v4.0

6.3

EPSS

0.19%

Published

Apr 9, 2026

Modified

Apr 29, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVerify message, an out-of-bounds read can occur on crafted input. This can only occur when --enable-experimental and --enable-dual-alg-certs is used when building wolfSSL.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Weaknesses (CWE)

CWE-125

Affected Products (1)

wolfssl · wolfssl (up to 5.9.1)vulnerable

References (1)

https://github.com/wolfSSL/wolfssl/pull/10079

Issue TrackingPatch

KEV Catalog EPSS Scores Vendors All CVEs