CVE-2026-5503

Name of the Vulnerable Software and Affected Versions WolfSSL (affected versions not specified)

Description The TLSX EchChangeSNI function incorrectly set extensions even when TLSX Find returned NULL. This allowed TLSX UseSNI to attach an attacker-controlled publicName to the shared WOLFSSL CTX when no inner SNI was configured. TLSX EchRestoreSNI then failed to remove this malicious extension because its removal depended on serverNameX not being NULL. The ClientHello was sized before the pollution but written after, leading to TLSX SNI Write copying 255 bytes beyond the allocated memory boundary.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.