CVE-2026-55958

Severity: High
Published: 25 June 2026
Modified: 26 June 2026
CVSS v4 score: 8.3 (vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0027 (18.5th percentile)
Risk priority: 55 (floored blend, peak EPSS)

Summary

CVE-2026-55958 is a high-severity vulnerability in wolfSSL (listed as Wolfssl Wolfssl), classified as Return of Wrong Status Code (CWE-393). Its CVSS v4 base score is 8.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE is ranked at the 18.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

Vulnerability details

Out-of-bounds write in the Renesas TSIP TLS 1.3 transcript buffer. In tsip_StoreMessage() the capacity check guarding the fixed message bag (MSGBAG_SIZE) sets an error code but fails to return, so execution falls through to an XMEMCPY that writes past the end of the buffer once the accumulated TLS 1.3 handshake transcript exceeds MSGBAG_SIZE (8 KB), corrupting adjacent heap state and potentially causing a remote denial of service crash. The bag is sized to hold a normal handshake, so this is reached only by an unusually large but valid certificate chain, or by a malicious or man-in-the-middle server sending an oversized handshake message to a client that does not strictly verify the chain. This only affects builds using the Renesas TSIP TLS port (WOLFSSL_RENESAS_TSIP_TLS) as a TLS 1.3 client on Renesas MCUs with TSIP hardware enabled, and is rated High within those builds. All other configurations are unaffected.
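The control-flow defect described above, as an added illustration that is not wolfSSL's code: a constructed transcript-bag append in the vulnerable shape (error code set, no return, copy still executed) beside the corrected shape that returns before touching the buffer. MSGBAG_SIZE (8 KB) comes from the advisory text; the struct layout, the function names and the BUFFER_E value are assumptions made for this example.

```c
#include <stddef.h>
#include <string.h>

/* Constructed values: MSGBAG_SIZE follows the advisory (8 KB); the error
 * code and the bag layout are assumptions, not wolfSSL's definitions. */
#define MSGBAG_SIZE 8192
#define BUFFER_E    (-132)

typedef struct {
    unsigned char buf[MSGBAG_SIZE]; /* fixed-size handshake transcript bag */
    size_t        used;             /* bytes accumulated so far */
} msg_bag_t;

/* Vulnerable shape: the capacity check records an error but does not
 * return, so the copy below still runs and writes past the end of buf. */
int store_message_vuln(msg_bag_t *bag, const unsigned char *msg, size_t len)
{
    int ret = 0;
    if (bag->used + len > MSGBAG_SIZE) {
        ret = BUFFER_E;                     /* error noted ...           */
    }                                       /* ... but no early return   */
    memcpy(bag->buf + bag->used, msg, len); /* out-of-bounds write here  */
    bag->used += len;
    return ret;
}

/* Fixed shape: reject the message before any copy takes place. The
 * subtraction form avoids an integer overflow in the check itself. */
int store_message_fixed(msg_bag_t *bag, const unsigned char *msg, size_t len)
{
    if (len > MSGBAG_SIZE - bag->used) {
        return BUFFER_E;
    }
    memcpy(bag->buf + bag->used, msg, len);
    bag->used += len;
    return 0;
}

/* Boundary self-check for the fixed version: fill to one byte short of
 * capacity, then one byte must fit exactly and one more must be refused.
 * Returns 0 on success, or the number of the step that failed. */
int fixed_boundary_check(void)
{
    static unsigned char big[MSGBAG_SIZE]; /* constructed zeroed input */
    msg_bag_t bag = { {0}, 0 };
    if (store_message_fixed(&bag, big, MSGBAG_SIZE - 1) != 0) return 1;
    if (store_message_fixed(&bag, big, 1) != 0)               return 2;
    if (store_message_fixed(&bag, big, 1) != BUFFER_E)        return 3;
    if (bag.used != MSGBAG_SIZE)                              return 4;
    return 0;
}
```

Only the fixed variant is exercised by the self-check; the vulnerable variant is kept for comparison of the two control-flow shapes.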

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-derived mapping)

T1203 Exploitation for Client Execution (tactic: Execution): Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

The out-of-bounds write occurs in TLS 1.3 client handshake processing, so it is reachable remotely by a malicious server or a man-in-the-middle. That maps directly to client-side exploitation, here leading to denial of service via heap corruption.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2020-36177 (same product: Wolfssl Wolfssl)
CVE-2022-39173 (same product: Wolfssl Wolfssl)
CVE-2021-45939 (same vendor: Wolfssl)
CVE-2021-45936 (same vendor: Wolfssl)
CVE-2021-45934 (same vendor: Wolfssl)
CVE-2021-45938 (same vendor: Wolfssl)
CVE-2021-45937 (same vendor: Wolfssl)
CVE-2021-45933 (same vendor: Wolfssl)
CVE-2021-45932 (same vendor: Wolfssl)
CVE-2021-37563 (shared CWE-787)

Affected Assets

wolfssl wolfssl, versions 5.4.0 through 5.9.2

Mitigating Controls

Likely Mitigating Controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses CWE-787: Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.
