CVE-2026-6330

UNKNOWN 0.0

ML-KEM ARM64 NEON ciphertext comparison only compares half of the input

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

The ML-KEM ARM64 NEON ciphertext comparison only compares half of the input, breaking the Fujisaki-Okamoto transform's implicit rejection and weakening IND-CCA2 security on that code path. The constant-time comparison effectively ignored part of the re-encrypted ciphertext, so a decapsulating party could fail to detect a manipulated ciphertext and proceed without the standard's required implicit rejection.

CWE	CWE-327
Vendor	wolfssl
Product	wolfssl
Published	Jun 25, 2026

Stay Ahead of the Next One

Get instant alerts for wolfssl wolfssl

Be the first to know when new unknown vulnerabilities affecting wolfssl wolfssl are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

wolfSSL / wolfSSL

5.7.4 ≤ 5.9.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/wolfSSL/wolfssl/pull/10192 wolfssl.com: https://www.wolfssl.com/docs/security-vulnerabilities/

Credits

Nicholas Carlini from Anthropic