PKCS7 CBC Padding Oracle — Plaintext Recovery_CVE-2026-5504

6.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Description

A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfSSL the interior padding bytes are not validated.

Basic Information

ID CVE-2026-5504

Source wolfSSL

Published Apr 9, 2026 at 22:33

Affected Product

Vendor wolfSSL

Product wolfSSL

Affected Versions wolfSSL wolfSSL 0

CWE Classification

CWE-354

References

github.com /wolfSSL/wolfssl/pull/10088

{
    "lastseen": "",
    "description": "A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfSSL the interior padding bytes are not validated.",
    "published": "2026-04-09T22:33:42.179Z",
    "modified": "2026-04-09T22:33:42.179Z",
    "type": "cve",
    "title": "PKCS7 CBC Padding Oracle \u2014 Plaintext Recovery",
    "source": "wolfSSL",
    "references": "https://github.com/wolfSSL/wolfssl/pull/10088",
    "id": "CVE-2026-5504",
    "bulletinFamily": "",
    "cwe": [
        "CWE-354"
    ],
    "cvelist": null,
    "sourceData": "wolfSSL wolfSSL 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "wolfSSL",
    "version": "0",
    "vendor": "wolfSSL",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}