Cyber Resilience

CVE-2026-7531

Low

Published: 25 June 2026

Published
25 June 2026
Modified
26 June 2026
KEV Added
Patch
CVSS Score v4 2.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0035 26.6th percentile
Risk Priority 15 floored blend · peak EPSS

Summary

CVE-2026-7531 is a low-severity Use After Free (CWE-416) vulnerability in Wolfssl Wolfssl. Its CVSS base score is 2.3 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 26.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 (released in 5.9.1): a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Use-after-free in TLS 1.3 client triggered by malicious server directly enables remote client-side code execution (T1203).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-55958Same product: Wolfssl Wolfssl
CVE-2026-6094Same product: Wolfssl Wolfssl
CVE-2026-3849Same product: Wolfssl Wolfssl
CVE-2026-6681Same product: Wolfssl Wolfssl
CVE-2026-6330Same product: Wolfssl Wolfssl
CVE-2024-1544Same product: Wolfssl Wolfssl
CVE-2026-6678Same product: Wolfssl Wolfssl
CVE-2026-10097Same product: Wolfssl Wolfssl
CVE-2026-3547Same product: Wolfssl Wolfssl
CVE-2022-25638Same product: Wolfssl Wolfssl

Affected Assets

wolfssl
wolfssl
5.8.0 — 5.9.2

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-416

Use-after-free exploits that achieve arbitrary code execution are blocked or significantly hardened by non-executable pages and ASLR.

Hardening callouts derived

Configuration rules from DISA STIG baselines that reduce the attack surface for weaknesses of the type cited by this CVE. Derived transitively via CVE→CWE→STIG over `controls_xwalks` (authoritative rows only).

Oracle Linux 8 (1 rule)
  • V-248592 OL 8 must clear memory when it is freed to prevent use-after-free attacks. via CWE-416
RHEL 8 (1 rule)
  • V-230279 RHEL 8 must clear memory when it is freed to prevent use-after-free attacks. via CWE-416
RHEL 9 (1 rule)
  • V-257794 RHEL 9 must clear memory when it is freed to prevent use-after-free attacks. via CWE-416

References