CVE-2026-55967

UNKNOWN 0.0

AES-GCM streaming APIs do not reject >64 GiB cumulative single messages, enabling counter wrap and keystream reuse

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

AES-GCM encryption/decryption with extremely large cumulative single message sizes (>64 GiB) were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse, and consequent plaintext recovery.

CWE	CWE-323
Vendor	wolfssl
Product	wolfssl
Published	Jun 25, 2026
Last Updated	Jun 25, 2026

Stay Ahead of the Next One

Get instant alerts for wolfssl wolfssl

Be the first to know when new unknown vulnerabilities affecting wolfssl wolfssl are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

wolfSSL / wolfSSL

4.8.0 ≤ 5.9.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/wolfSSL/wolfssl/pull/10709 wolfssl.com: https://www.wolfssl.com/docs/security-vulnerabilities/

Credits

NVIDIA Project Vanessa