Vulnerability Description
In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce for every application-data record. Because wc_AriaEncrypt is stateless and passes the caller-supplied IV verbatim to the MagicCrypto SDK with no internal counter, and because the explicit IV is zero-initialized at session setup and never incremented in non-FIPS builds. This vulnerability affects wolfSSL builds configured with --enable-aria and the proprietary MagicCrypto SDK (a non-default, opt-in configuration required for Korean regulatory deployments). AES-GCM is not affected because wc_AesGcmEncrypt_ex maintains an internal invocation counter independently of the call-site guard.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wolfssl | Wolfssl | >= 5.2.1, < 5.9.1 |
Related Weaknesses (CWE)
References
- https://github.com/wolfSSL/wolfssl/pull/10111Issue TrackingPatch
FAQ
What is CVE-2026-5446?
CVE-2026-5446 is a vulnerability with a CVSS score of 7.1 (HIGH). In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce for every application-data record. Because wc_AriaEncrypt is stateless and passes the caller-suppli...
How severe is CVE-2026-5446?
CVE-2026-5446 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-5446?
Check the references section above for vendor advisories and patch information. Affected products include: Wolfssl Wolfssl.