CVE-2026-3503

CVSS v3.1

5.2

Medium

Vector

AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions wolfSSL (wolfCrypt) versions prior to commit hash d86575c766e6e67ef93545fa69c04d6eb49400c6

Description A protection mechanism failure exists in wolfCrypt post-quantum implementations (ML-KEM and ML-DSA) within wolfSSL on ARM Cortex-M microcontrollers. This allows a physical attacker to compromise key material and/or cryptographic outcomes. The attack involves inducing transient faults that corrupt or redirect seed/pointer values during Keccak-based expansion.

Recommendations Update wolfSSL (wolfCrypt) to a version with commit hash d86575c766e6e67ef93545fa69c04d6eb49400c6 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-335

Related Identifiers

CVE-2026-3503

Affected Products

Arm Cortex-M

Wolfcrypt

Wolfssl

CVE-2026-3503

Weakness Enumeration

Related Identifiers

Affected Products

References · 8