CVE-2026-6678
Published: 25 June 2026
Summary
CVE-2026-6678 is a low-severity Integer Underflow (Wrap or Wraparound) (CWE-191) vulnerability in wolfSSL. Its CVSS base score is 1.0 (Low).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 8.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-39558
Vulnerability details
Integer underflow in wc_PKCS7_DecryptOri when handling crafted Other Recipient Info, leading to incorrect length handling during decryption.
- CWE(s): CWE-191
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Integer underflow in PKCS7 decryption handling enables remote exploitation of applications using the affected library via crafted inputs.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.