PT-2026-26339 · Wolfssl · Wolfssl

Published: 2026-03-19 · Updated: 2026-03-23 · CVE-2026-3549

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: wolfSSL (affected versions not specified)

Description: An integer underflow existed in the TLS 1.3 Encrypted Client Hello (ECH) extension parsing logic when calculating a buffer length. This resulted in writing beyond the bounds of an allocated buffer, leading to a heap overflow. Note that ECH is off by default in wolfSSL, and the ECH standard is still evolving.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Heap Based Buffer Overflow

Related Identifiers: CVE-2026-3549

Affected Products: Wolfssl