Cyber Resilience

CVE-2026-5446

Medium

Published: 09 April 2026

Published
09 April 2026
Modified
13 April 2026
KEV Added
Patch
CVSS Score v4 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0026 17.7th percentile
Risk Priority 35 floored blend · peak EPSS

Summary

CVE-2026-5446 is a medium-severity Reusing a Nonce, Key Pair in Encryption (CWE-323) vulnerability. Its CVSS base score is 6.0 (Medium).

Operationally, ranked at the 17.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SC-8 (Transmission Confidentiality and Integrity).

Deeper analysis

CVE-2026-5446 affects the wolfSSL cryptographic library, specifically ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2. The vulnerability stems from reusing an identical 12-byte GCM nonce for every application-data record, as wc_AriaEncrypt is stateless and passes the caller-supplied IV verbatim to the proprietary MagicCrypto SDK without an internal counter. The explicit IV is zero-initialized at session setup and never incremented in non-FIPS builds. This issue is limited to wolfSSL builds configured with the non-default --enable-aria option and the MagicCrypto SDK, an opt-in setup required for Korean regulatory deployments. AES-GCM cipher suites are unaffected, as wc_AesGcmEncrypt_ex maintains an independent internal invocation counter.

Attackers positioned to observe encrypted TLS 1.2 or DTLS 1.2 traffic using vulnerable ARIA-GCM cipher suites could exploit the nonce reuse, associated with CWE-323 (Reused Initialization Vector), to potentially decrypt application data or forge records. Exploitation requires the target to be using the specific non-default wolfSSL configuration with MagicCrypto SDK.

Mitigation is provided through a patch in the wolfSSL GitHub pull request at https://github.com/wolfSSL/wolfssl/pull/10111. Security practitioners should update affected wolfSSL builds and avoid the --enable-aria configuration with MagicCrypto SDK unless required for regulatory compliance.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce for every application-data record. Because wc_AriaEncrypt is stateless and passes the caller-supplied IV verbatim to the MagicCrypto SDK with no internal counter,…

more

and because the explicit IV is zero-initialized at session setup and never incremented in non-FIPS builds. This vulnerability affects wolfSSL builds configured with --enable-aria and the proprietary MagicCrypto SDK (a non-default, opt-in configuration required for Korean regulatory deployments). AES-GCM is not affected because wc_AesGcmEncrypt_ex maintains an internal invocation counter independently of the call-site guard.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

Insufficient information to map techniques.
Confidence: LOW · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-36289Shared CWE-323
CVE-2025-59870Shared CWE-323
CVE-2022-37660Shared CWE-323
CVE-2024-11022Shared CWE-323
CVE-2026-3559Shared CWE-323
CVE-2025-46632Shared CWE-323
CVE-2025-64767Shared CWE-323
CVE-2025-47345Shared CWE-323
CVE-2023-28997Shared CWE-323
CVE-2026-3099Shared CWE-323

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires cryptographic mechanisms that protect the confidentiality and integrity of transmitted information, which the ARIA-GCM nonce reuse violates.

prevent

Mandates the use of approved cryptographic protection mechanisms for data in transit, which the stateless wc_AriaEncrypt implementation fails to provide.

prevent

Requires timely remediation of identified flaws, directly addressed by applying the wolfSSL patch that restores proper nonce handling.

References