CVE-2026-5500

MEDIUM

Improper Validation of AES-GCM Authentication Tag Length in PKCS#7 Envelope Allows Authentication Bypass

Title source: cna

Description

wolfSSL's wc_PKCS7_DecodeAuthEnvelopedData() does not properly sanitize the AES-GCM authentication tag length received and has no lower bounds check. A man-in-the-middle can therefore truncate the mac field from 16 bytes to 1 byte, reducing the tag check from 2⁻¹²⁸ to 2⁻⁸.

References (1)

https://github.com/wolfSSL/wolfssl/pull/10102

Scores

CVSS v3 5.9

EPSS 0.0009

EPSS Percentile 25.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-20

Status published

Products (2)

wolfSSL/wolfSSL < 5.9.0

wolfssl/wolfssl < 5.9.0

Published Apr 10, 2026

Tracked Since Apr 10, 2026