CVE-2026-5446

N/A

Published: 09 April 2026

Published

09 April 2026

Modified

13 April 2026

KEV Added

—

Patch

—

CVSS Score N/A

EPSS Score 0.0004 10.9th percentile

Risk Priority 0 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-5446 is a uncategorised-severity Reusing a Nonce, Key Pair in Encryption (CWE-323) vulnerability. Its CVSS base score is N/A.

Operationally, ranked at the 10.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

Threat & Defense Details

MITRE ATT&CK Enterprise TechniquesAI

Insufficient information to map techniques.

Confidence: LOW · MITRE ATT&CK Enterprise v18.1

NVD Description

In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce for every application-data record. Because wc_AriaEncrypt is stateless and passes the caller-supplied IV verbatim to the MagicCrypto SDK with no internal counter,…

and because the explicit IV is zero-initialized at session setup and never incremented in non-FIPS builds. This vulnerability affects wolfSSL builds configured with --enable-aria and the proprietary MagicCrypto SDK (a non-default, opt-in configuration required for Korean regulatory deployments). AES-GCM is not affected because wc_AesGcmEncrypt_ex maintains an internal invocation counter independently of the call-site guard.

Deeper analysisAI

CVE-2026-5446 affects the wolfSSL cryptographic library, specifically ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2. The vulnerability stems from reusing an identical 12-byte GCM nonce for every application-data record, as wc_AriaEncrypt is stateless and passes the caller-supplied IV verbatim to the proprietary MagicCrypto SDK without an internal counter. The explicit IV is zero-initialized at session setup and never incremented in non-FIPS builds. This issue is limited to wolfSSL builds configured with the non-default --enable-aria option and the MagicCrypto SDK, an opt-in setup required for Korean regulatory deployments. AES-GCM cipher suites are unaffected, as wc_AesGcmEncrypt_ex maintains an independent internal invocation counter.

Attackers positioned to observe encrypted TLS 1.2 or DTLS 1.2 traffic using vulnerable ARIA-GCM cipher suites could exploit the nonce reuse, associated with CWE-323 (Reused Initialization Vector), to potentially decrypt application data or forge records. Exploitation requires the target to be using the specific non-default wolfSSL configuration with MagicCrypto SDK.

Mitigation is provided through a patch in the wolfSSL GitHub pull request at https://github.com/wolfSSL/wolfssl/pull/10111. Security practitioners should update affected wolfSSL builds and avoid the --enable-aria configuration with MagicCrypto SDK unless required for regulatory compliance.

Details

CWE(s): CWE-323

CVEs Like This One

CVE-2025-47345Shared CWE-323

CVE-2026-3099Shared CWE-323

CVE-2025-59870Shared CWE-323

CVE-2026-25998Shared CWE-323

References

https://github.com/wolfSSL/wolfssl/pull/10111
facts@wolfssl.com