Cyber Resilience

CVE-2026-6681

Low

Published: 25 June 2026

Published
25 June 2026
Modified
27 June 2026
KEV Added
Patch
CVSS Score v4 1.0 CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Clear
EPSS Score 0.0026 17.0th percentile
Risk Priority 15 floored blend · peak EPSS

Summary

CVE-2026-6681 is a low-severity Classic Buffer Overflow (CWE-120) vulnerability in Wolfssl Wolfssl. Its CVSS base score is 1.0 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 17.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

The PKCS#7 decode path ignores the caller-supplied output buffer size (outputSz), allowing decoded content to be written past the bounds of the provided buffer. This affects wolfSSL 5.9.0 and earlier and was fixed in the 5.9.1 release.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Buffer overflow in untrusted PKCS#7 input processing directly enables remote code execution against applications using the library, mapping to public-facing application exploitation or client-side execution.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2020-36177Same product: Wolfssl Wolfssl
CVE-2025-8854Shared CWE-120, CWE-787
CVE-2024-57703Shared CWE-120, CWE-787
CVE-2025-25664Shared CWE-120, CWE-787
CVE-2023-7208Shared CWE-120, CWE-787
CVE-2024-30620Shared CWE-120, CWE-787
CVE-2024-7583Shared CWE-120, CWE-787
CVE-2024-41464Shared CWE-120, CWE-787
CVE-2026-48686Shared CWE-120, CWE-787
CVE-2026-24793Shared CWE-120, CWE-787

Affected Assets

wolfssl
wolfssl
3.10.0 — 5.9.1

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-120

Platform-independent managed code eliminates the need for unchecked native buffer copies that are the root cause of classic buffer overflows.

addresses: CWE-787

Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.

References