Which versions of Wolfssl are affected by CVE-2026-3849?

CVE-2026-3849 presents notable security risk, a out-of-bounds write vulnerability rated CVSS 6.9. Exploitation could cause memory corruption or application crashes.

Wolfssl CVE-2026-3849

Q: What is the CVSS score of CVE-2026-3849?

CVE-2026-3849 has a CVSS 4.0 base score of 6.9 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:D/RE:M/U:Amber. EPSS exploitation probability: 0.3%.

EUVD-2026-13231 MEDIUM

Out-of-bounds Write (CWE-787)

2026-03-19 wolfSSL

Buffer Overflow Memory Corruption Wolfssl

6.9

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

6.9 MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:D/RE:M/U:Amber

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:D/RE:M/U:Amber

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

EUVD ID Assigned

Mar 19, 2026 - 21:00 euvd

EUVD-2026-13231

Analysis Generated

Mar 19, 2026 - 21:00 vuln.today

CVE Published

Mar 19, 2026 - 20:29 nvd

MEDIUM 6.9

DescriptionCVE.org

Stack Buffer Overflow in wc_HpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in wolfSSL 5.8.4 ECH (Encrypted Client Hello) support, where a maliciously crafted ECH config could cause a stack buffer overflow on the client side, leading to potential remote execution and client program crash. This could be exploited by a malicious TLS server supporting ECH. Note that ECH is off by default, and is only enabled with enable-ech.

AnalysisAI

Stack buffer overflow in wolfSSL 5.8.4's ECH (Encrypted Client Hello) implementation allows remote attackers to crash TLS clients or achieve code execution by sending a maliciously crafted ECH configuration. The vulnerability affects clients that have explicitly enabled ECH support, which is disabled by default. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	Out-of-bounds reads can leak sensitive information from memory, while out-of-bounds writes can corrupt data or enable code execution. Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker provides a crafted input that causes the application to read or write beyond buffer boundaries, potentially leaking memory contents or hijacking control flow.
Remediation	Implement proper bounds checking on all array and buffer accesses. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-3849 vulnerability details – vuln.today

Back