Which versions of TLS are affected by CVE-2026-3549?

CVE-2026-3549 is a high-severity integer underflow vulnerability in wolfSSL's TLS 1.3 Encrypted Client Hello (ECH) extension that can trigger heap buffer overflow conditions, potentially causing…. A patch is available.

TLS CVE-2026-3549

Q: What is the CVSS score of CVE-2026-3549?

CVE-2026-3549 has a CVSS 4.0 base score of 8.3 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-13168 HIGH

Heap-based Buffer Overflow (CWE-122)

2026-03-19 wolfSSL

Buffer Overflow Heap Overflow

8.3

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Updated

Apr 16, 2026 - 06:20 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

Patch available

Apr 16, 2026 - 05:29 EUVD

5.9.0

EUVD ID Assigned

Mar 19, 2026 - 21:00 euvd

EUVD-2026-13168

Analysis Generated

Mar 19, 2026 - 21:00 vuln.today

CVE Published

Mar 19, 2026 - 20:09 nvd

HIGH 8.3

DescriptionNVD

Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer. Note that in wolfSSL, ECH is off by default, and the ECH standard is still evolving.

AnalysisAI

Integer underflow in TLS 1.3 ECH (Encrypted Client Hello) extension parsing within wolfSSL allows remote attackers to trigger heap buffer overflow conditions with availability impact through specially crafted network packets. While ECH is disabled by default in wolfSSL and the specification remains unstable, exploitation requires no authentication and succeeds under specific timing conditions. …

RemediationAI

Within 24 hours: Audit all wolfSSL deployments to confirm ECH is disabled (default state); document any instances where ECH is explicitly enabled. Within 7 days: Contact wolfSSL vendor for patch availability timeline and interim guidance; disable ECH on any affected systems where feasible. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-3549 vulnerability details – vuln.today

Back

TLS CVE-2026-3549

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

TLS CVE-2026-3549

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code