PT-2026-26322 · Wolfssl · Wolfssl
Haruto Kimura · Published 2026-03-19 · Updated 2026-03-23
CVE-2026-2646 · CVSS v3.1 8.1 (High)
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
wolfSSL (affected versions not specified)
Description
A heap-buffer-overflow issue exists in the wolfSSL d2i_SSL_SESSION() function. When deserializing session data with SESSION_CERTS enabled, the certificate length and session ID length are read from untrusted input without validation, potentially leading to a heap memory overflow. A crafted session loaded from an external source is required to trigger this issue. Internal sessions are not affected.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
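The description above names the root cause: length fields taken from attacker-controlled session data were not checked before use. The following C program is an added example (not wolfSSL's code and not its real session format) showing the two checks a deserializer must perform on every length-prefixed field: the claimed length must fit the remaining input, and it must fit the destination buffer. The wire layout, the toy_session structure, and the sample blobs are all constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical wire layout for this example (NOT wolfSSL's session format):
 *   [2-byte big-endian session_id_len][session_id bytes]
 *   [2-byte big-endian cert_len][cert bytes]                                */
#define MAX_SESSION_ID_LEN 32u
#define MAX_CERT_LEN 4096u

typedef struct {
    uint8_t session_id[MAX_SESSION_ID_LEN];
    size_t  session_id_len;
    uint8_t cert[MAX_CERT_LEN];
    size_t  cert_len;
} toy_session;

enum {
    PARSE_OK                = 0,
    PARSE_ERR_TRUNCATED     = -1,  /* input ended before the field it promised */
    PARSE_ERR_LEN_TOO_LARGE = -2,  /* claimed length exceeds the destination   */
    PARSE_ERR_TRAILING      = -3   /* bytes left over after the last field     */
};

/* Reads a 2-byte big-endian length; invariant: *pos <= buf_len. */
static int read_u16(const uint8_t *buf, size_t buf_len, size_t *pos, uint16_t *out)
{
    if (buf_len - *pos < 2)
        return PARSE_ERR_TRUNCATED;
    *out = (uint16_t)((buf[*pos] << 8) | buf[*pos + 1]);
    *pos += 2;
    return PARSE_OK;
}

/* Copies one length-prefixed field into a fixed-capacity destination.
 * Both checks precede the memcpy: dropping the dst_cap check is the pattern
 * behind a heap/stack overflow, dropping the remaining-input check is an
 * out-of-bounds read. */
static int read_field(const uint8_t *buf, size_t buf_len, size_t *pos,
                      uint8_t *dst, size_t dst_cap, size_t *dst_len)
{
    uint16_t len;
    int rc = read_u16(buf, buf_len, pos, &len);
    if (rc != PARSE_OK)
        return rc;
    if (len > dst_cap)              /* untrusted length vs destination size */
        return PARSE_ERR_LEN_TOO_LARGE;
    if (len > buf_len - *pos)       /* untrusted length vs bytes actually present */
        return PARSE_ERR_TRUNCATED;
    memcpy(dst, buf + *pos, len);
    *pos += len;
    *dst_len = len;
    return PARSE_OK;
}

/* Toy stand-in for a session deserializer (hypothetical name). */
int toy_d2i_session(const uint8_t *buf, size_t buf_len, toy_session *out)
{
    size_t pos = 0;
    int rc;
    memset(out, 0, sizeof(*out));
    rc = read_field(buf, buf_len, &pos, out->session_id, MAX_SESSION_ID_LEN, &out->session_id_len);
    if (rc != PARSE_OK)
        return rc;
    rc = read_field(buf, buf_len, &pos, out->cert, MAX_CERT_LEN, &out->cert_len);
    if (rc != PARSE_OK)
        return rc;
    if (pos != buf_len)
        return PARSE_ERR_TRAILING;
    return PARSE_OK;
}

/* Constructed sample inputs. */
/* Well-formed: 4-byte session id "abcd", 3-byte cert. */
static const uint8_t GOOD_BLOB[] = { 0x00, 0x04, 'a', 'b', 'c', 'd', 0x00, 0x03, 0x30, 0x01, 0x00 };
/* Claims a 65535-byte session id; only 2 bytes follow and the destination holds 32. */
static const uint8_t OVERSIZED_ID_BLOB[] = { 0xFF, 0xFF, 'a', 'b' };
/* Claims a 10-byte cert but only 2 bytes follow. */
static const uint8_t TRUNCATED_CERT_BLOB[] = { 0x00, 0x01, 'x', 0x00, 0x0A, 0x30, 0x01 };

int main(void)
{
    toy_session s;
    printf("good:      %d\n", toy_d2i_session(GOOD_BLOB, sizeof GOOD_BLOB, &s));
    printf("oversized: %d\n", toy_d2i_session(OVERSIZED_ID_BLOB, sizeof OVERSIZED_ID_BLOB, &s));
    printf("truncated: %d\n", toy_d2i_session(TRUNCATED_CERT_BLOB, sizeof TRUNCATED_CERT_BLOB, &s));
    return 0;
}
```

The order of the checks in read_field matters for diagnostics only; what matters for safety is that neither the destination capacity nor the remaining input length is ever compared after the copy. A fuzzing harness that feeds toy_d2i_session random blobs under AddressSanitizer is the usual way to confirm a deserializer of this shape never reads or writes out of bounds.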
Heap Based Buffer Overflow
Memory Corruption
Related Identifiers
Affected Products
Wolfssl