CVE-2026-5504

UNKNOWN 0.0

PKCS7 CBC Padding Oracle — Plaintext Recovery

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

5th

A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfSSL the interior padding bytes are not validated.

CWE	CWE-354
Vendor	wolfssl
Product	wolfssl
Published	Apr 9, 2026
Last Updated	Apr 14, 2026

Stay Ahead of the Next One

Get instant alerts for wolfssl wolfssl

Be the first to know when new unknown vulnerabilities affecting wolfssl wolfssl are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

wolfSSL / wolfSSL

0 ≤ 5.9.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/wolfSSL/wolfssl/pull/10088

Credits

Sunwoo Lee of Korea Institute of Energy Technology (KENTECH) for the report. Woohyun Choi of Korea Institute of Energy Technology (KENTECH) for the report. Seunghyun Yoon of Korea Institute of Energy Technology (KENTECH) for the report.