CVE-2026-3549
Published: 19 March 2026
Summary
CVE-2026-3549 is a critical-severity Heap-based Buffer Overflow (CWE-122) vulnerability in the wolfSSL library (vendor wolfSSL). Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability ranks at the 7.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly mandates identifying, prioritizing, and patching flaws such as the integer underflow in wolfSSL's ECH parsing, preventing the resulting heap overflow.
- CM-7 (Least Functionality): enforces least functionality by prohibiting unnecessary features such as ECH in wolfSSL; because ECH is off by default, leaving it disabled removes the vulnerable parsing path entirely.
- Memory protections such as ASLR and DEP mitigate exploitation of heap overflows triggered by malformed ECH extensions.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A remote, unauthenticated heap overflow in TLS ECH parsing enables arbitrary code execution on network-exposed servers running vulnerable, ECH-enabled wolfSSL, which maps directly to exploitation of public-facing applications and remote services.
NVD Description
Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer. Note that in wolfSSL, ECH is off by default, and the ECH standard is still evolving.
Deeper analysis
CVE-2026-3549 is a heap overflow vulnerability in the wolfSSL library's TLS 1.3 Encrypted Client Hello (ECH) parsing logic. An integer underflow occurs when calculating a buffer length during ECH extension parsing, leading to writing beyond the bounds of an allocated buffer. This affects wolfSSL implementations where ECH is enabled, though ECH is disabled by default in wolfSSL, and the ECH standard remains under development.
A remote, unauthenticated attacker can exploit this vulnerability over the network with low complexity and no user interaction required, as indicated by its CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Successful exploitation could result in high-impact consequences, including arbitrary code execution, data disclosure, or system compromise through the heap overflow (CWE-122).
Mitigation is addressed in a wolfSSL GitHub pull request at https://github.com/wolfSSL/wolfssl/pull/9817, which fixes the integer underflow in ECH parsing. Security practitioners should update to the patched version and keep ECH disabled unless it is explicitly required.
Notable context: ECH is off by default in wolfSSL, which reduces exposure, and no real-world exploitation had been reported as of the CVE's publication on 2026-03-19.
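The bug class described above, an unsigned length computed by subtracting a fixed header size from an attacker-supplied total without first checking that the total is large enough, is shown below as an added illustration. This is not wolfSSL's code and does not use wolfSSL's ECH layout; the extension framing (2-byte total length, 4 bytes of fixed fields, then payload), the function names and the sample bytes are all constructed for the example. It contrasts the unchecked subtraction, which wraps to a huge size_t on a short input, with a parser that validates every length against the bytes actually present before it subtracts or copies.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical framing, not wolfSSL's real ECH extension layout:
   [2-byte big-endian total][4 bytes of fixed fields][payload = total - 4 bytes] */
#define FIXED_FIELDS_LEN 4

/* Vulnerable pattern: trusts the advertised total and subtracts the fixed
   header size without checking total >= FIXED_FIELDS_LEN. For a total of 2
   the result wraps to SIZE_MAX - 1, and a later copy of that many bytes
   into a heap buffer sized from the wrapped value writes out of bounds. */
static size_t payload_len_unchecked(const uint8_t *ext) {
    size_t total = ((size_t)ext[0] << 8) | ext[1];
    return total - FIXED_FIELDS_LEN;   /* integer underflow when total < 4 */
}

/* Hardened pattern: bound every length by the bytes actually received and
   by the minimum header size before doing arithmetic or copying. */
static int copy_payload_checked(const uint8_t *ext, size_t ext_len,
                                uint8_t *out, size_t out_cap, size_t *out_len) {
    if (ext_len < 2)
        return -1;                               /* no room for the length field */
    size_t total = ((size_t)ext[0] << 8) | ext[1];
    if (total > ext_len - 2)
        return -1;                               /* advertised length exceeds input */
    if (total < FIXED_FIELDS_LEN)
        return -1;                               /* too short: subtraction would underflow */
    size_t payload = total - FIXED_FIELDS_LEN;   /* now provably in [0, total] */
    if (payload > out_cap)
        return -1;                               /* destination too small */
    memcpy(out, ext + 2 + FIXED_FIELDS_LEN, payload);
    *out_len = payload;
    return 0;
}

/* Constructed malformed input: total = 2, smaller than the 4 fixed bytes. */
static const uint8_t SAMPLE_MALFORMED[] = { 0x00, 0x02, 0xAA, 0xBB };

/* Constructed well-formed input: total = 7 -> 4 fixed bytes + 3 payload bytes. */
static const uint8_t SAMPLE_OK[] = { 0x00, 0x07, 0x01, 0x02, 0x03, 0x04, 'a', 'b', 'c' };

/* Returns 1 if the unchecked computation wrapped past any real extension size. */
static int demo_unchecked_underflows(void) {
    return payload_len_unchecked(SAMPLE_MALFORMED) > 0xFFFF;
}

/* Returns 1 if the hardened parser rejects the malformed sample. */
static int demo_checked_rejects_malformed(void) {
    uint8_t out[16];
    size_t n = 0;
    return copy_payload_checked(SAMPLE_MALFORMED, sizeof SAMPLE_MALFORMED,
                                out, sizeof out, &n) == -1;
}

/* Returns 1 if the hardened parser extracts exactly "abc" from the good sample. */
static int demo_checked_accepts_wellformed(void) {
    uint8_t out[16];
    size_t n = 0;
    if (copy_payload_checked(SAMPLE_OK, sizeof SAMPLE_OK, out, sizeof out, &n) != 0)
        return 0;
    return n == 3 && memcmp(out, "abc", 3) == 0;
}

int main(void) {
    printf("unchecked length on short input: %zu\n", payload_len_unchecked(SAMPLE_MALFORMED));
    printf("checked parser rejects short input: %d\n", demo_checked_rejects_malformed());
    printf("checked parser accepts good input: %d\n", demo_checked_accepts_wellformed());
    return 0;
}
```

The ordering of the checks matters: the comparison `total > ext_len - 2` is only safe because `ext_len < 2` was rejected first, and the `total < FIXED_FIELDS_LEN` test has to precede the subtraction rather than follow it, since an unsigned result can never be "negative" after the fact.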
Details
- CWE(s)