CVE-2026-55967

Summary

AES-GCM encryption/decryption with extremely large cumulative single message sizes (>64 GiB) were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse, and consequent plaintext recovery.

Affected Software

VendorProductVersion RangeStatus
wolfSSLwolfSSL4.8.0 <= 5.9.1affected

Weaknesses

  • CWE-323: CWE-323 Reusing a Nonce, Key Pair in Encryption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References