Cyber Resilience

CVE-2026-6291

Medium

Published: 25 June 2026

Modified: 26 June 2026
CVSS Score v4: 6.0
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0015 (4.8th percentile)
Risk Priority: 35 (floored blend · peak EPSS)

Summary

CVE-2026-6291 is a medium-severity Observable Timing Discrepancy (CWE-208) vulnerability in wolfSSL. Its CVSS base score is 6.0 (Medium).

Operationally, it is ranked at the 4.8th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

Vulnerability details

Bleichenbacher padding oracle in PKCS#7 KTRI decryption. When decrypting PKCS#7 EnvelopedData using RSA PKCS#1 v1.5 key transport, wolfSSL returned distinguishable error codes depending on whether RSA padding validation failed versus whether the decrypted content was malformed. An attacker able to submit crafted EnvelopedData messages and observe error responses could use this as a padding oracle to incrementally recover the encrypted Content Encryption Key (CEK). The fix generates a deterministic pseudo-random fake CEK on padding failure (via HMAC-SHA256) and proceeds with decryption identically, using constant-time operations throughout, so that all failure paths produce the same error regardless of padding validity.
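The error-path change described above, as an added Python example that is not wolfSSL's code: it contrasts a decrypt routine whose two failure causes are distinguishable with one that substitutes a deterministic fake CEK and fails uniformly. Assumptions: the RSA private-key operation is omitted and `em` stands for its output, the content cipher is a stand-in, and the fake-CEK key and input (`secret`, `enc_key`) are illustrative choices the advisory does not specify.

```python
import hashlib
import hmac

CEK_LEN = 16
E_PAD, E_CONTENT, E_DECRYPT = "bad_rsa_padding", "bad_content", "decrypt_failed"

def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def unpad_pkcs1_v15(em: bytes):
    """Check the RSA-decrypted block 00 02 PS 00 CEK; return (ok, cek).
    Python gives no constant-time guarantee; this shows control flow only."""
    sep = em.find(b"\x00", 2)
    ok = em[:2] == b"\x00\x02" and sep >= 10 and len(em) - sep - 1 == CEK_LEN
    return ok, em[-CEK_LEN:]

def seal(cek: bytes, plaintext: bytes) -> bytes:
    """Stand-in content cipher (assumption): HMAC keystream XOR, then a tag.
    Handles at most 32 bytes of plaintext."""
    ct = bytes(p ^ s for p, s in zip(plaintext, _mac(cek, b"stream")))
    return ct + _mac(cek, ct)

def open_content(cek: bytes, blob: bytes):
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(cek, ct)):
        return None  # content malformed under this CEK
    return bytes(c ^ s for c, s in zip(ct, _mac(cek, b"stream")))

def fake_cek(secret: bytes, enc_key: bytes) -> bytes:
    """Deterministic fake CEK: same ciphertext always yields the same key."""
    return _mac(secret, enc_key)[:CEK_LEN]

def decrypt_leaky(em: bytes, blob: bytes):
    """Pre-fix shape: the two failure causes return different errors."""
    ok, cek = unpad_pkcs1_v15(em)
    if not ok:
        return E_PAD, None
    pt = open_content(cek, blob)
    return (None, pt) if pt is not None else (E_CONTENT, None)

def decrypt_fixed(em: bytes, enc_key: bytes, blob: bytes, secret: bytes):
    """Post-fix shape: bad padding swaps in the fake CEK and decryption
    continues, so every failure surfaces as the same error."""
    ok, real = unpad_pkcs1_v15(em)
    cek = real if ok else fake_cek(secret, enc_key)  # C: constant-time select
    pt = open_content(cek, blob)
    return (None, pt) if pt is not None else (E_DECRYPT, None)
```

The fake CEK has to be deterministic per ciphertext: a fresh random key on each attempt would let a caller who resubmits the same message tell the fake path from the real one.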

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

Insufficient information to map techniques.
Confidence: LOW · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-7396 (same product: wolfSSL)
CVE-2024-1544 (same product: wolfSSL)
CVE-2026-6331 (same product: wolfSSL)
CVE-2026-6450 (same product: wolfSSL)
CVE-2026-5503 (same product: wolfSSL)
CVE-2021-3336 (same product: wolfSSL)
CVE-2026-55960 (same product: wolfSSL)
CVE-2025-7394 (same product: wolfSSL)
CVE-2026-7532 (same product: wolfSSL)
CVE-2022-34293 (same product: wolfSSL)

Affected Assets

wolfssl
wolfssl
3.9.10 — 5.9.2

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-208

Timing randomization or delays can mask true operation timing and mislead timing-based attacks.

addresses: CWE-208

Observable timing discrepancies are a primary mechanism for constructing covert timing channels; analysis identifies and bounds them, limiting exploitation.
