CVE-2026-4159

Name of the Vulnerable Software and Affected Versions wolfSSL versions 5.8.4 and earlier

Description An out-of-bounds heap read issue exists in the wc PKCS7 DecodeEnvelopedData function when processing crafted CMS EnvelopedData messages containing zero-length encrypted content. This issue could lead to a 1-byte heap read outside of allocated memory boundaries. Note that PKCS7 support is disabled by default.

Recommendations Update wolfSSL to a version later than 5.8.4.