CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-6681

mediumCVSS 5.3covered by 1 sourcefirst seen 2026-06-25
The PKCS#7 decode path ignores the caller-supplied output buffer size (outputSz), allowing decoded content to be written past the bounds of the provided buffer. This affects wolfSSL 5.9.0 and earlier and was fixed in the 5.9.1 release.

⚡ Watch CVE-2026-6681

Get an email if CVE-2026-6681 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-6681

CVE.org record

Embed the live status

CVE-2026-6681 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-6681 status](https://www.csirts.com/badge/CVE-2026-6681)](https://www.csirts.com/cve/CVE-2026-6681)