
wolfSSL CVE-2026-5507

| EUVD-2026-21216 MEDIUM
Deserialization of Untrusted Data (CWE-502)
2026-04-09 wolfSSL GHSA-f5fh-xmxq-55p9
4.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
4.1 MEDIUM
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS 4.0 metrics (NVD vector decoded)

Attack Vector: Local (AV:L)
Attack Complexity: High (AC:H)
Attack Requirements: Present (AT:P)
Privileges Required: High (PR:H)
User Interaction: Passive (UI:P)
Vulnerable System Impact: Confidentiality None, Integrity None, Availability High (VC:N/VI:N/VA:H)
Subsequent System Impact: None (SC:N/SI:N/SA:N)

Lifecycle Timeline

Apr 09, 2026 22:18 - CVE Published (nvd), rated MEDIUM 4.1
Apr 09, 2026 22:31 - EUVD ID Assigned (euvd): EUVD-2026-21216
Apr 09, 2026 22:31 - Analysis Generated (vuln.today)

Description (CVE.org)

When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free. Exploitation requires the ability to inject a crafted session into the cache and for the application to call specific session restore APIs.

Analysis (AI-generated)

wolfSSL versions up to 5.9.0 allow arbitrary memory deallocation via unsafe deserialization of poisoned session cache data. An attacker with high privileges who can inject a crafted session into the cache and trigger specific session restore API calls can cause memory corruption with availability impact. …


Vulnerability Assessment (AI-generated)

Risk Assessment: Despite the low CVSS score of 4.1, this vulnerability presents moderate but constrained risk. The attacker must already hold high local privileges and be able to write into the session cache, and the payoff recorded in the NVD vector is availability only (VC:N/VI:N/VA:H). …
Exploit Scenario: An attacker with local high-privilege access (e.g., root or system administrator) modifies the wolfSSL session cache, either a persisted cache image or the in-memory cache, to inject a crafted session record whose serialized pointer field holds an attacker-chosen address. When a legitimate application later calls the session restore API, that pointer is taken from the serialized data without validation and passed to a free operation, producing an arbitrary free. The practical outcome is heap corruption and a crash of the process, i.e. denial of service; no confidentiality or integrity impact is recorded. …
Remediation: Upgrade wolfSSL to version 5.10.0 or later. Until the upgrade is applied, treat serialized session-cache data as untrusted input: restrict write access to any persisted cache image to the service account that owns it, and do not call the session restore APIs on cache data that other principals can modify. …
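The bug class described above, as an added illustration that is not wolfSSL's code and does not reproduce the real wolfSSL session-cache layout or its restore APIs: a session record whose heap pointer is restored verbatim from cache bytes (so a poisoned cache decides what free() receives), beside a hardened restore that serializes only lengths and inline bytes and allocates fresh storage on load, so the pointer that is later freed never came from the untrusted blob. All names (session_t, restore_session_unsafe, restore_session_safe, MAX_TICKET) and the sample blobs are constructed for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative session record (not wolfSSL's WOLFSSL_SESSION): the ticket
 * lives in a separate heap buffer owned through a pointer. */
typedef struct {
    uint32_t id;
    uint32_t ticket_len;
    uint8_t *ticket;          /* heap-owned; released by session_free() */
} session_t;

static void session_free(session_t *s)
{
    free(s->ticket);          /* arbitrary free if s->ticket came from the cache */
    s->ticket = NULL;
    s->ticket_len = 0;
}

/* Vulnerable pattern: the cache blob is a raw image of the struct, so the
 * pointer field is restored verbatim from untrusted bytes and later freed. */
static int restore_session_unsafe(const uint8_t *blob, size_t len, session_t *out)
{
    if (len < sizeof *out)
        return -1;
    memcpy(out, blob, sizeof *out);   /* out->ticket is attacker-controlled */
    return 0;
}

/* Constructed sample: a cache image whose ticket pointer was replaced by an
 * attacker-chosen address. */
static size_t build_poisoned_blob(uint8_t *buf, size_t cap, uintptr_t bogus)
{
    session_t s = { .id = 7, .ticket_len = 4, .ticket = (uint8_t *)bogus };
    if (cap < sizeof s)
        return 0;
    memcpy(buf, &s, sizeof s);
    return sizeof s;
}

/* Returns the pointer value the unsafe restore would hand to free(). */
static uintptr_t unsafe_restore_pointer(uintptr_t bogus)
{
    uint8_t blob[64];
    session_t s;
    size_t n = build_poisoned_blob(blob, sizeof blob, bogus);
    if (n == 0 || restore_session_unsafe(blob, n, &s) != 0)
        return 0;
    /* session_free(&s) here would be free((void *)bogus); deliberately not called. */
    return (uintptr_t)s.ticket;
}

/* Hardened format: id (4 bytes LE), ticket_len (4 bytes LE), ticket bytes
 * inline. No pointer ever crosses the serialization boundary. */
#define MAX_TICKET 4096u

static size_t serialize_session(const session_t *s, uint8_t *buf, size_t cap)
{
    size_t need = 8 + s->ticket_len;
    if (s->ticket_len > MAX_TICKET || cap < need)
        return 0;
    for (int i = 0; i < 4; i++) {
        buf[i]     = (uint8_t)(s->id >> (8 * i));
        buf[4 + i] = (uint8_t)(s->ticket_len >> (8 * i));
    }
    memcpy(buf + 8, s->ticket, s->ticket_len);
    return need;
}

static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static int restore_session_safe(const uint8_t *blob, size_t len, session_t *out)
{
    if (len < 8)
        return -1;
    uint32_t id = rd32(blob), tlen = rd32(blob + 4);
    if (tlen > MAX_TICKET || tlen > len - 8)   /* declared length must fit the blob */
        return -1;
    uint8_t *t = malloc(tlen ? tlen : 1);      /* fresh allocation: always valid to free */
    if (!t)
        return -1;
    memcpy(t, blob + 8, tlen);
    out->id = id;
    out->ticket_len = tlen;
    out->ticket = t;
    return 0;
}

/* Round-trips a session through the hardened format; 1 on success. */
static int safe_roundtrip_ok(void)
{
    uint8_t ticket[4] = { 0xde, 0xad, 0xbe, 0xef };   /* constructed sample */
    session_t in = { .id = 7, .ticket_len = 4, .ticket = ticket };
    uint8_t blob[64];
    session_t out;
    size_t n = serialize_session(&in, blob, sizeof blob);
    if (n != 12 || restore_session_safe(blob, n, &out) != 0)
        return 0;
    int ok = out.id == 7 && out.ticket_len == 4 && memcmp(out.ticket, ticket, 4) == 0;
    session_free(&out);                        /* frees only our own allocation */
    return ok;
}

/* A blob whose declared ticket_len exceeds the bytes present is rejected. */
static int safe_rejects_short_blob(void)
{
    uint8_t blob[8] = { 1, 0, 0, 0, 0xff, 0xff, 0, 0 };   /* claims a 65535-byte ticket */
    session_t out;
    return restore_session_safe(blob, sizeof blob, &out) == -1;
}
```

The unsafe path shows why CWE-502 applies even to a plain struct copy: whatever address sits in the cache bytes becomes the argument of the next free(). The hardened path makes the serialized form pointer-free and bounds every length against both the blob size and a fixed maximum before allocating, which is the property a fix for this class of bug has to establish.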



CVE-2026-5507 vulnerability details – vuln.today
