Cyber Resilience

CVE-2026-4395

Low

Published: 19 March 2026

Modified: 26 March 2026
KEV Added
Patch
CVSS Score v4: 1.3
CVSS vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:L/U:Amber
EPSS Score: 0.0034 (26.1th percentile)
Risk Priority: 15 (floored blend · peak EPSS)

Summary

CVE-2026-4395 is a low-severity heap-based buffer overflow (CWE-122) vulnerability in wolfSSL. Its CVSS v4 base score is 1.3 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 26.1th percentile for exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-4395 is a heap-based buffer overflow vulnerability in the KCAPI ECC code path of the wc_ecc_import_x963_ex() function within the wolfcrypt component of the wolfSSL library. The flaw occurs because the WOLFSSL_KCAPI_ECC code path copies input data to the key->pubkey_raw buffer, which is sized for 132 bytes, using XMEMCPY without bounds checking. In contrast, the ATECC code path includes length validation. This issue affects wolfSSL deployments that utilize the KCAPI ECC path.

A remote attacker can exploit the vulnerability by acting as a malicious TLS peer and sending a crafted oversized EC public key point, specifically via an ECPoint in the ServerKeyExchange message during TLS key exchange. Exploitation enables writing attacker-controlled data past the bounds of the pubkey_raw buffer. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-122 (Heap-based Buffer Overflow).

The wolfSSL GitHub pull request at https://github.com/wolfSSL/wolfssl/pull/9988 addresses the issue, providing a patch for mitigation. Security practitioners should apply this update to wolfSSL installations using the affected KCAPI ECC code path.
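The missing check described above, as an added example: a simplified model that is neither wolfSSL source nor the patch from the pull request. The struct, function names and error codes are hypothetical; only the 132-byte `pubkey_raw` size comes from the advisory, and the sample inputs are constructed.

```c
/* Added example: simplified model, not wolfSSL source; names are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PUBKEY_RAW_SZ 132   /* size from the advisory; 132 = 2 * 66 bytes */
enum { ERR_BAD_ARG = -1, ERR_BAD_FMT = -2, ERR_TOO_LONG = -3 };

struct model_key {
    uint8_t pubkey_raw[PUBKEY_RAW_SZ];
    size_t  raw_len;
};

/* Pattern described in the advisory: the length comes from the peer and is
 * never checked. Shown for contrast only; in_len > 132 writes past pubkey_raw. */
int import_point_unchecked(struct model_key *key, const uint8_t *in, size_t in_len)
{
    memcpy(key->pubkey_raw, in, in_len);
    key->raw_len = in_len;
    return 0;
}

/* Hardened form: validate the X9.63 uncompressed encoding (0x04 || X || Y)
 * and the destination size before copying anything. */
int import_point_checked(struct model_key *key, const uint8_t *in, size_t in_len)
{
    size_t body;
    if (key == NULL || in == NULL || in_len < 3)
        return ERR_BAD_ARG;
    if (in[0] != 0x04 || ((in_len - 1) % 2) != 0)
        return ERR_BAD_FMT;     /* not uncompressed, or X and Y differ in size */
    body = in_len - 1;
    if (body > sizeof(key->pubkey_raw))
        return ERR_TOO_LONG;    /* reject instead of overflowing the heap object */
    memcpy(key->pubkey_raw, in + 1, body);
    key->raw_len = body;
    return 0;
}

int main(void)
{
    struct model_key k;
    uint8_t p256[65] = { 0x04 };  /* constructed: 0x04 + 64 zero bytes */
    uint8_t big[201] = { 0x04 };  /* constructed oversized point */
    printf("p256: %d, oversized: %d\n", import_point_checked(&k, p256, sizeof p256),
           import_point_checked(&k, big, sizeof big));
    return 0;
}
```
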

Vulnerability details

Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex() in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past the bounds of the pubkey_raw buffer via a crafted oversized EC public key point. The WOLFSSL_KCAPI_ECC code path copies the input to key->pubkey_raw (132 bytes) using XMEMCPY without a bounds check, unlike the ATECC code path which includes a length validation. This can be triggered during TLS key exchange when a malicious peer sends a crafted ECPoint in ServerKeyExchange.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Remote, unauthenticated heap buffer overflow exploitable via crafted TLS ServerKeyExchange message in wolfSSL library, enabling exploitation of public-facing TLS applications or services.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-5187: Same product (wolfSSL)
CVE-2026-3549: Same product (wolfSSL)
CVE-2026-5194: Same product (wolfSSL)
CVE-2026-3547: Same product (wolfSSL)
CVE-2026-5501: Same product (wolfSSL)
CVE-2026-5503: Same product (wolfSSL)
CVE-2026-5500: Same product (wolfSSL)
CVE-2026-3849: Same product (wolfSSL)
CVE-2026-5477: Same product (wolfSSL)
CVE-2025-53511: Shared CWE-122

Affected Assets

wolfssl wolfssl, versions ≤ 5.9.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly requires identifying, reporting, testing, and deploying patches to remediate the heap-based buffer overflow in wolfSSL's KCAPI ECC code path as addressed by the provided GitHub pull request.

prevent

Implements runtime memory protections like address space layout randomization, stack canaries, and non-executable heap memory to prevent exploitation of the heap buffer overflow via attacker-controlled data writes.

prevent

Mandates validation of untrusted inputs such as oversized EC public key points in TLS ServerKeyExchange messages to prevent them from exceeding the 132-byte pubkey_raw buffer bounds.
