CVE-2026-5188 LOW

CVE-2026-5188: Integer underflow in X.509 SAN parsing in wolfSSL

Vendor wolfSSL
Product wolfSSL
Weakness CWE-191
Published April 10, 2026
Last update April 10, 2026

CVSS base score

2.3/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

An integer underflow exists in wolfSSL when parsing the Subject Alternative Name (SAN) extension of X.509 certificates. A malformed certificate can specify an entry length larger than the enclosing sequence, causing the internal length counter to wrap during parsing. This results in incorrect handling of certificate data. The issue is limited to configurations using the original ASN.1 parsing implementation, which is off by default.
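The length-counter wrap described above, shown as an added illustration of the CWE-191 pattern and the check that prevents it; this is not wolfSSL code. The function names, the short-form-length-only encoding and the sample byte strings are assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed samples (not real certificates): SEQUENCE (0x30) of length 6
 * holding one dNSName entry (context tag 0x82). Short-form lengths only. */
static const uint8_t san_ok[]  = {0x30, 0x06, 0x82, 0x04, 'a', '.', 'b', 'c'};
static const uint8_t san_bad[] = {0x30, 0x06, 0x82, 0x20, 'a', '.', 'b', 'c'};

/* Unchecked pattern: subtract the entry's claimed size from an unsigned
 * counter. Returns the counter after the first entry; no value bytes are
 * read. Caller must pass at least 4 bytes. */
uint32_t remaining_unchecked(const uint8_t *buf)
{
    uint32_t remaining = buf[1];      /* length of the enclosing SEQUENCE */
    uint32_t entry_len = buf[3];      /* length claimed by the first entry */
    remaining -= 2;                   /* entry tag + length byte */
    remaining -= entry_len;           /* wraps when entry_len > remaining */
    return remaining;
}

/* Checked pattern: compare before subtracting. Returns the number of
 * entries, or -1 if any length does not fit its container. */
int count_entries_checked(const uint8_t *buf, size_t len)
{
    if (len < 2 || buf[0] != 0x30 || buf[1] >= 0x80) return -1;
    size_t remaining = buf[1];
    if (remaining > len - 2) return -1;            /* SEQUENCE exceeds buffer */
    size_t pos = 2;
    int count = 0;
    while (remaining > 0) {
        if (remaining < 2) return -1;              /* no room for tag + length */
        size_t entry_len = buf[pos + 1];
        if (entry_len >= 0x80) return -1;          /* long form not handled here */
        if (entry_len > remaining - 2) return -1;  /* would underflow */
        pos += 2 + entry_len;
        remaining -= 2 + entry_len;
        count++;
    }
    return count;
}

int main(void)
{
    printf("unchecked counter, bad input: 0x%08lx\n",
           (unsigned long)remaining_unchecked(san_bad));
    printf("checked parse, bad input: %d\n",
           count_entries_checked(san_bad, sizeof san_bad));
    return 0;
}
```

With the unchecked subtraction, a loop guarded by `remaining > 0` would keep running on the malformed sample because the counter is now close to 2^32 rather than zero.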

Key dates

02 Disclosure timeline

April 10, 2026 CVE published
April 10, 2026 Record updated