CVE-2026-6094

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published Jun 25, 2026

Vendor unknown

Description

Heap buffer overread in wc_PKCS7_DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS.

References

https://github.com/wolfSSL/wolfssl/pull/10128
https://www.wolfssl.com/docs/security-vulnerabilities/