CVE-2026-5448 | wolfSSL up to 5.9.0 Compatibility Layer API wolfSSL_X509_notAfter/wolfSSL_X509_notBefore Date heap-based overflow

Inserito da Angelo Barbosa | Apr 10, 2026 | CVE

A vulnerability marked as critical has been reported in wolfSSL up to 5.9.0. The impacted element is the function wolfSSL_X509_notAfter/wolfSSL_X509_notBefore of the component Compatibility Layer API. The manipulation of the argument Date leads to heap-based buffer overflow.

This vulnerability is traded as CVE-2026-5448. Access to the local network is required for this attack to succeed. There is no exploit available.

It is suggested to upgrade the affected component.

CVE-2026-5448 | wolfSSL up to 5.9.0 Compatibility Layer API wolfSSL_X509_notAfter/wolfSSL_X509_notBefore Date heap-based overflow

Post correlati

CVE-2025-24968 | yogeshojha rengine up to 2.2.0 access control (GHSA-3327-6×79-q396)

CVE-2025-1946 | hzmanyun Education and Training System 2.1 /user/exportPDF id command injection

CVE-2025-20059 | Ping Identity PingAM Java Policy Agent up to 5.10.3/2023.11.1/2024.9 path traversal

CVE-2023-50314 | IBM WebSphere Application Liberty up to 24.0.0.8 certificate validation (XFDB-274713)