CVE-2026-6679 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2026-6679?

CVE-2026-6679 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-6679?

Check the references section above for vendor advisories and patch information. Affected products include: Wolfssl Wolfssl.

Vulnerability Description

A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The buffer overflow was due to an integer truncation when computing the length of the ACK record-number list, causing an undersized buffer to be allocated and then overrun. This affects builds using DTLS 1.3 and wolfSSL version 5.9.0 and earlier. A fix was added to the 5.9.1 release.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Wolfssl	Wolfssl	>= 5.4.0, < 5.9.1

Related Weaknesses (CWE)

CWE-787 CWE-190 CWE-197

References

https://github.com/wolfSSL/wolfssl/pull/10116Issue TrackingPatch
https://www.wolfssl.com/docs/security-vulnerabilities/Vendor Advisory

FAQ

What is CVE-2026-6679?

CVE-2026-6679 is a vulnerability with a CVSS score of 7.5 (HIGH). A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The buffer overflow was due to an integer truncation when computing the length of...

How severe is CVE-2026-6679?

CVE-2026-6679 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-6679?

Check the references section above for vendor advisories and patch information. Affected products include: Wolfssl Wolfssl.