CVE-2026-5188

HIGH

Integer underflow in X.509 SAN parsing in wolfSSL

Title source: cna

Description

An integer underflow issue exists in wolfSSL when parsing the Subject Alternative Name (SAN) extension of X.509 certificates. A malformed certificate can specify an entry length larger than the enclosing sequence, causing the internal length counter to wrap during parsing. This results in incorrect handling of certificate data. The issue is limited to configurations using the original ASN.1 parsing implementation which is off by default.

References (1)

Core 1

Core References

https://github.com/wolfSSL/wolfssl/pull/10024

Scores

CVSS v3 8.1

EPSS 0.0014

EPSS Percentile 3.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-191

Status published

Products (2)

wolfSSL/wolfSSL < 5.9.0

wolfssl/wolfssl < 5.9.1

Published Apr 10, 2026

Tracked Since Apr 10, 2026