ByteOS Network

NVD Vulnerability Details :

CVE-2026-5188

Analyzed

Source-facts@wolfssl.com

Published At-10 Apr, 2026 | 04:17

Updated At-29 Apr, 2026 | 13:54

An integer underflow issue exists in wolfSSL when parsing the Subject Alternative Name (SAN) extension of X.509 certificates. A malformed certificate can specify an entry length larger than the enclosing sequence, causing the internal length counter to wrap during parsing. This results in incorrect handling of certificate data. The issue is limited to configurations using the original ASN.1 parsing implementation which is off by default.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	2.3	LOW	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary	3.1	8.1	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Type: Secondary

Version: 4.0

Base score: 2.3

Base severity: LOW

Vector:

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Primary

Version: 3.1

Base score: 8.1

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

CPE Matches

wolfssl>>wolfssl>>Versions before 5.9.1(exclusive)

cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-191	Secondary	facts@wolfssl.com

CWE ID: CWE-191

Type: Secondary

Source: facts@wolfssl.com

References

Hyperlink	Source	Resource
https://github.com/wolfSSL/wolfssl/pull/10024	facts@wolfssl.com	Issue Tracking Patch

Hyperlink: https://github.com/wolfSSL/wolfssl/pull/10024

Source: facts@wolfssl.com

Resource:

Issue Tracking

Patch

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History