Skip to main content

Wolfssl Wolfcrypt CVE-2026-3503

| EUVDEUVD-2026-13149 MEDIUM
Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) (CWE-335)
2026-03-19 wolfSSL
4.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
CVSS:4.0/AV:P/AC:H/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:P/AC:H/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber
Attack Vector
Physical
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 19, 2026 - 19:00 euvd
EUVD-2026-13149
Analysis Generated
Mar 19, 2026 - 19:00 vuln.today
CVE Published
Mar 19, 2026 - 18:12 nvd
MEDIUM 4.3

DescriptionCVE.org

Protection mechanism failure in wolfCrypt post-quantum implementations (ML-KEM and ML-DSA) in wolfSSL on ARM Cortex-M microcontrollers allows a physical attacker to compromise key material and/or cryptographic outcomes via induced transient faults that corrupt or redirect seed/pointer values during Keccak-based expansion.

This issue affects wolfSSL (wolfCrypt): commit hash d86575c766e6e67ef93545fa69c04d6eb49400c6.

AnalysisAI

CVE-2026-3503 is a security vulnerability (CVSS 4.3) that allows a physical attacker. Remediation should follow standard vulnerability management procedures.

Technical ContextAI

Vulnerability type not specified by vendor.

RemediationAI

Monitor vendor channels for patch availability.

Vendor StatusVendor

Debian

wolfssl
Release Status Fixed Version Urgency
bullseye vulnerable 4.6.0+p1-0+deb11u2 -
bookworm vulnerable 5.5.4-2+deb12u2 -
trixie vulnerable 5.7.2-0.1+deb13u1 -
forky, sid vulnerable 5.8.4-1 -
(unstable) fixed (unfixed) -

Share

CVE-2026-3503 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy