Is there a patch available for CVE-2026-5393?

Yes, a patch is available for CVE-2026-5393. Update the affected software to the latest version immediately.

Wolfssl CVE-2026-5393

Q: What is the CVSS score of CVE-2026-5393?

CVE-2026-5393 has a CVSS 4.0 base score of 6.3 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-21231 MEDIUM

Out-of-bounds Read (CWE-125)

2026-04-09 wolfSSL

GHSA-f4w6-5m9p-28hw

Information Disclosure Buffer Overflow Wolfssl

6.3

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

6.3 MEDIUM

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Patch available

Apr 16, 2026 - 05:29 EUVD

5.9.1

EUVD ID Assigned

Apr 09, 2026 - 23:31 euvd

EUVD-2026-21231

Analysis Generated

Apr 09, 2026 - 23:31 vuln.today

CVE Published

Apr 09, 2026 - 23:02 nvd

MEDIUM 6.3

DescriptionCVE.org

Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVerify message, an out-of-bounds read can occur on crafted input. This can only occur when --enable-experimental and --enable-dual-alg-certs is used when building wolfSSL.

AnalysisAI

Out-of-bounds read in wolfSSL's dual-algorithm CertificateVerify processing allows remote attackers to trigger information disclosure and data integrity violations through crafted input, but only when the library is compiled with both --enable-experimental and --enable-dual-alg-certs flags. The vulnerability affects wolfSSL versions before 5.9.1 and requires network access with low attack complexity, though the attack triggering mechanism involves a passive timing or state condition (AT:P). …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	Despite a CVSS score of 6.3 (medium), real-world risk is constrained by multiple mitigating factors: the vulnerability requires dual compilation flags (--enable-experimental and --enable-dual-alg-certs) that are not enabled in typical production builds, limiting affected deployments. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker with network access crafts a malicious TLS handshake message containing a specially constructed dual-algorithm CertificateVerify payload and sends it to a vulnerable wolfSSL server or client compiled with experimental dual-algorithm support enabled. The out-of-bounds read is triggered during certificate verification, potentially leaking adjacent memory contents or corrupting application state. …
Remediation	Upgrade wolfSSL to version 5.9.1 or later, which includes the fix merged in GitHub PR #10079. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-5393 vulnerability details – vuln.today

Back