CVE-2026-4159

Published: Mar 19, 2026

Modified: Mar 20, 2026

PUBLISHED

Description

1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wc_PKCS7_DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted content. Note that PKCS7 support is disabled by default.

Vendor	Product	Versions
wolfSSL	wolfSSL	affected `0 - < 5.9.0`

Weaknesses (CWE)

CWE-125

References

https://github.com/wolfSSL/wolfssl/pull/9945

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-4159

Description

Affected Products

Weaknesses (CWE)

References