
wolfSSL: EUVD-2026-13150 | CVE-2026-3548 (HIGH)
Out-of-bounds Write (CWE-787)
Published 2026-03-19 · Vendor: wolfSSL
CVSS 4.0 base score 7.2 (NVD)

Severity by source

NVD (primary; the only scoring source for this CVE): 7.2 HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS vector breakdown (NVD)

Attack Vector: Network
Attack Complexity: Low
Attack Requirements: Present (AT:P: the target must be a CRL-enabled wolfSSL build that loads an attacker-supplied CRL)
Privileges Required: None
User Interaction: None
Vulnerable System Impact: Confidentiality High, Integrity High, Availability High
Subsequent System Impact: None
Exploit Maturity: Unreported (E:U)

(CVSS 4.0 has no Scope metric; the S:X in the vector is the Safety supplemental metric, left undefined.)

Lifecycle Timeline (5 events, newest first)

  • Apr 29, 2026 18:52 (vuln.today): re-analysis queued, CVSS changed
  • Mar 31, 2026 21:13 (NVD): patch released; patch available
  • Mar 19, 2026 18:00 (EUVD): EUVD ID assigned, EUVD-2026-13150
  • Mar 19, 2026 18:00 (vuln.today): analysis generated
  • Mar 19, 2026 17:45 (NVD): CVE published, rated HIGH 7.2

Description (CVE.org)

Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow when the CRL number is improperly stored as a hexadecimal string, and a stack-based buffer overflow for sufficiently large CRL numbers. Either out-of-bounds write can be triggered with an appropriately crafted CRL. Note that this only affects builds that specifically enable CRL support, and the application must load a CRL from an untrusted source.

Analysis (AI-generated)

Buffer overflow vulnerabilities in wolfSSL's CRL parser corrupt heap or stack memory when a maliciously crafted Certificate Revocation List is processed, with potential for code execution on affected systems. Only installations built with CRL support explicitly enabled, and which load CRLs from untrusted sources, are affected. …


Attack Chain (AI-derived; hypothetical flow inferred from CVE metadata)

  • Access: craft a CRL whose CRL number is oversized
  • Delivery: get the application to load the untrusted CRL into wolfSSL's CRL parser
  • Exploit: trigger the buffer overflow in the hex-string conversion of the CRL number
  • Execution: write beyond heap or stack buffer bounds
  • Impact: memory corruption leading to a crash or, potentially, code execution

Vulnerability Assessment (AI-generated)

Exploitation: requires wolfSSL built with CRL (Certificate Revocation List) support explicitly enabled (for autotools builds, --enable-crl, which defines HAVE_CRL) and an application that loads a CRL from an untrusted source. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment: this is an out-of-bounds write (CWE-787). The overflow can corrupt adjacent heap or stack data, crash the process, or, depending on what is overwritten, enable code execution.
Exploit Scenario: an attacker supplies a crafted CRL whose CRL number causes the parser to write beyond the buffer holding its hexadecimal form, potentially hijacking control flow.
Remediation: update to a wolfSSL release containing the fix (the timeline records the patch as released on Mar 31, 2026; this page does not name the fixed version). Until the update is applied, the conditions in the description give the compensating controls: do not load CRLs from untrusted sources, or build without CRL support where it is not needed. For the code itself, the fix is bounds checking on every buffer write, with the destination size known before the first byte is written. …
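The description, the attack chain and the remediation above all turn on one operation: a CRL number (a DER INTEGER) is converted to a hexadecimal string, and the destination buffer, heap or stack, is not sized for the number actually present. The following is an added example, not wolfSSL's code and not derived from the patch: it shows the unchecked pattern next to a hardened version that takes the destination capacity as part of its contract, computes the required size before writing, and rejects CRL numbers over the 20-octet limit of RFC 5280 section 5.2.3. The DER parser, the function names and the sample inputs are all constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 5280 s5.2.3: CRL numbers MUST NOT exceed 20 octets, so a parser can
 * reject anything larger before it reserves any storage at all. */
#define CRL_NUMBER_MAX_OCTETS 20

/* Minimal DER INTEGER header parser (tag 0x02; short-form or one/two-byte
 * long-form length). Points *content at the content octets and returns 0,
 * or -1 on truncation or a malformed length. Constructed stand-in for this
 * example, not wolfSSL's ASN.1 code; minimal-encoding rules are not checked. */
int parse_der_integer(const uint8_t *der, size_t der_len,
                      const uint8_t **content, size_t *content_len)
{
    size_t pos = 0, len = 0;

    if (der == NULL || der_len < 2 || der[pos++] != 0x02)
        return -1;

    if (der[pos] < 0x80) {                      /* short form */
        len = der[pos++];
    } else {                                    /* long form 0x81 / 0x82 */
        size_t nbytes = der[pos++] & 0x7f;
        if (nbytes == 0 || nbytes > 2 || nbytes > der_len - pos)
            return -1;
        for (size_t i = 0; i < nbytes; i++)
            len = (len << 8) | der[pos++];
    }

    if (len == 0 || len > der_len - pos)        /* content truncated */
        return -1;

    *content = der + pos;
    *content_len = len;
    return 0;
}

/* The unchecked pattern: writes 2*num_len+1 bytes into `out` without knowing
 * its capacity, so a number with more than (capacity-1)/2 octets runs past
 * the end, on the heap or the stack depending on where `out` lives.
 * Kept only for contrast; never feed it untrusted input. */
void crl_number_to_hex_unchecked(const uint8_t *num, size_t num_len, char *out)
{
    static const char digits[] = "0123456789abcdef";
    for (size_t i = 0; i < num_len; i++) {
        out[2 * i]     = digits[num[i] >> 4];
        out[2 * i + 1] = digits[num[i] & 0x0f];
    }
    out[2 * num_len] = '\0';
}

/* Hardened form: capacity is part of the contract, the required size is
 * computed before the first write, and the RFC cap bounds the worst case.
 * Returns the number of hex characters written (NUL excluded) or -1. */
int crl_number_to_hex(const uint8_t *num, size_t num_len,
                      char *out, size_t out_len)
{
    static const char digits[] = "0123456789abcdef";

    if (num == NULL || out == NULL || num_len == 0)
        return -1;
    if (num_len > CRL_NUMBER_MAX_OCTETS)        /* over the RFC 5280 limit */
        return -1;
    if (out_len < 2 * num_len + 1)              /* would not fit: refuse */
        return -1;

    for (size_t i = 0; i < num_len; i++) {
        out[2 * i]     = digits[num[i] >> 4];
        out[2 * i + 1] = digits[num[i] & 0x0f];
    }
    out[2 * num_len] = '\0';
    return (int)(2 * num_len);
}

/* End to end: DER-encoded CRL number in, bounded hex string out. */
int crl_number_der_to_hex(const uint8_t *der, size_t der_len,
                          char *out, size_t out_len)
{
    const uint8_t *content;
    size_t content_len;

    if (parse_der_integer(der, der_len, &content, &content_len) != 0)
        return -1;
    return crl_number_to_hex(content, content_len, out, out_len);
}

int main(void)
{
    /* Constructed sample: DER INTEGER 0x010000 (CRL number 65536). */
    const uint8_t small[] = { 0x02, 0x03, 0x01, 0x00, 0x00 };
    /* Constructed sample: a 40-octet CRL number, twice the RFC cap; its hex
     * form (81 bytes with NUL) would overrun the 64-byte stack buffer below
     * if written with the unchecked routine. */
    uint8_t big[2 + 40] = { 0x02, 0x28 };
    char stackbuf[64];
    int n;

    memset(big + 2, 0xab, 40);
    n = crl_number_der_to_hex(small, sizeof small, stackbuf, sizeof stackbuf);
    printf("small: rc=%d hex=%s\n", n, stackbuf);
    n = crl_number_der_to_hex(big, sizeof big, stackbuf, sizeof stackbuf);
    printf("big:   rc=%d (rejected before any write)\n", n);
    return n == -1 ? 0 : 1;
}
```

The point of the hardened routine is that every rejection happens before the first byte is stored: the caller passes the capacity of whatever it allocated (a stack array or a heap block sized from the parsed length), and a number that does not fit is an error, not a write.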

Recommended Action (AI-generated)

Within 24 hours: inventory all systems using wolfSSL with CRL support enabled and identify which of them parse CRLs from untrusted or external sources. …

Vendor Status

Debian (source package wolfssl)

Release      Version               Status
bullseye     4.6.0+p1-0+deb11u2    vulnerable
bookworm     5.5.4-2+deb12u2       vulnerable
trixie       5.7.2-0.1+deb13u1     vulnerable
forky, sid   5.8.4-1               vulnerable

Fixed version in Debian: none listed (unfixed in unstable); urgency not yet assigned.


EUVD-2026-13150 vulnerability details – vuln.today
