Cyber Resilience

CVE-2026-5477

High

Published: 10 April 2026

Published
10 April 2026
Modified
27 April 2026
KEV Added
Patch
CVSS Score v4 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0042 33.8th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-5477 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in Wolfssl Wolfssl. Its CVSS base score is 8.2 (High).

Operationally, ranked at the 33.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-5477 is an integer overflow vulnerability (CWE-190) in the wolfCrypt CMAC implementation within the wolfSSL cryptographic library. The issue arises in the wc_CmacUpdate function, which uses a guard condition `if (cmac->totalSz != 0)` to skip XOR-chaining on the first block, where the digest is all-zeros and the operation is a no-op. However, totalSz is a word32 value that wraps around to zero after 2^28 block flushes (equivalent to 4 GiB of data), causing the guard to incorrectly discard the live CBC-MAC chain state.

An unauthenticated remote attacker with network access can exploit this vulnerability due to its CVSS v3.1 score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). By processing two messages that share a common suffix beyond the 4 GiB mark, the attacker can generate identical CMAC tags with zero additional work, enabling a prefix-substitution forgery attack that violates message integrity.

The wolfSSL project has addressed the vulnerability via a pull request at https://github.com/wolfSSL/wolfssl/pull/10102, which removes the problematic guard condition and makes the XOR operation unconditional. This fix preserves the no-op behavior on the first block because the digest is zero-initialized by wc_InitCmac_ex, ensuring proper CBC-MAC chaining without relying on the totalSz check.

EU & UK References

Vulnerability details

An integer overflow existed in the wolfCrypt CMAC implementation, that could be exploited to forge CMAC tags. The function wc_CmacUpdate used the guard `if (cmac->totalSz != 0)` to skip XOR-chaining on the first block (where digest is all-zeros and the…

more

XOR is a no-op). However, totalSz is word32 and wraps to zero after 2^28 block flushes (4 GiB), causing the guard to erroneously discard the live CBC-MAC chain state. Any two messages sharing a common suffix beyond the 4 GiB mark then produce identical CMAC tags, enabling a zero-work prefix-substitution forgery. The fix removes the guard, making the XOR unconditional; the no-op property on the first block is preserved because digest is zero-initialized by wc_InitCmac_ex.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

Insufficient information to map techniques.
Confidence: LOW · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2022-34293Same product: Wolfssl Wolfssl
CVE-2026-5501Same product: Wolfssl Wolfssl
CVE-2024-5814Same product: Wolfssl Wolfssl
CVE-2022-23408Same product: Wolfssl Wolfssl
CVE-2023-6935Same product: Wolfssl Wolfssl
CVE-2023-6937Same product: Wolfssl Wolfssl
CVE-2026-5500Same product: Wolfssl Wolfssl
CVE-2022-42961Same product: Wolfssl Wolfssl
CVE-2022-38152Same product: Wolfssl Wolfssl
CVE-2025-7396Same product: Wolfssl Wolfssl

Affected Assets

wolfssl
wolfssl
≤ 5.9.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely remediation of the integer overflow flaw in wolfCrypt CMAC implementation to prevent CMAC tag forgery after 4 GiB data processing.

detect

Enables vulnerability scanning to identify the CVE-2026-5477 integer overflow in deployed wolfSSL libraries, allowing proactive patching.

prevent

Mandates use of validated cryptographic mechanisms that address implementation flaws like the CMAC totalSz overflow leading to tag forgery.

References