Skip to main content

Oracle EUVDEUVD-2026-21235

| CVE-2026-5504 MEDIUM
Improper Validation of Integrity Check Value (CWE-354)
2026-04-09 facts@wolfssl.com GHSA-qvjw-73xm-jw34
6.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
6.3 MEDIUM
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
EUVD ID Assigned
Apr 09, 2026 - 23:22 euvd
EUVD-2026-21235
Analysis Generated
Apr 09, 2026 - 23:22 vuln.today
CVE Published
Apr 09, 2026 - 23:17 nvd
MEDIUM 6.3

DescriptionCVE.org

A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfSSL the interior padding bytes are not validated.

AnalysisAI

Padding oracle vulnerability in wolfSSL's PKCS7 CBC decryption allows unauthenticated remote attackers to recover plaintext through repeated decryption queries with modified ciphertext, exploiting insufficient validation of interior padding bytes. The vulnerability requires high attack complexity and persistent attacker interaction but presents practical risk to systems using affected wolfSSL versions for PKCS7-encrypted communications.

Technical ContextAI

The vulnerability exists in wolfSSL's implementation of PKCS7 padding validation during CBC mode decryption. PKCS7 specifies that padding bytes must all contain the same value equal to the number of padding bytes added. The flaw lies in inadequate validation of interior padding bytes-bytes between the first and last padding byte-which enables a padding oracle attack. An attacker can iteratively modify ciphertext, submit it for decryption, and observe whether the decryption succeeds or fails, using these timing or error-response differences to infer information about the plaintext. This is a classic side-channel vulnerability (CWE-354: Improper Validation of Specified Quantity in Input) that allows bit-by-bit plaintext recovery without knowing the encryption key.

RemediationAI

Apply the patched version of wolfSSL released following PR #10088 (https://github.com/wolfSSL/wolfssl/pull/10088), which implements proper validation of all interior padding bytes in PKCS7 CBC decryption. Update wolfSSL library to the latest stable release that incorporates this fix. As a temporary workaround for high-risk deployments, avoid exposing decryption failure details (timing differences or distinct error messages) to untrusted network clients; instead, fail closed by treating all padding validation failures identically and logging events server-side only. Ensure applications do not retry decryption with modified ciphertexts based on user input.

Share

EUVD-2026-21235 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy