CVE-2026-6681: The PKCS#7 decode path ignores the caller-supplied output buffer size (outputSz), allowing decoded content to be written past the bounds of the provided buffer. This affects wolfSS
The PKCS#7 decode path ignores the caller-supplied output buffer size (outputSz), allowing decoded content to be written past the bounds of the provided buffer. This affects wolfSSL 5.9.0 and earlier and was fixed in the 5.9.1 release.
Details
Original advisory: https://nvd.nist.gov/vuln/detail/CVE-2026-6681
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-66810.26% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 17% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-6681 | coverage & exploitation status | NVD · CVE.org |
More from NVD Recent CVEs
- highCVE-2026-15491: A weakness has been identified in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cc…2026-07-12
- highCVE-2026-15490: A security flaw has been discovered in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6…2026-07-12
- highCVE-2026-15489: A vulnerability was identified in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cc…2026-07-12
- highCVE-2026-15488: A vulnerability was determined in hcr707305003 shiroiAdmin 1.1/1.3. Affected is the function F…2026-07-12
- mediumCVE-2026-15487: A vulnerability was found in TRENDnet TEW-821DAP 1.11B03. This impacts the function sub_41FBD0…2026-07-12