A vulnerability was found in wolfSSL up to 5.9.0. It has been rated as critical. It affects the function TLSX_EchChangeSNI of the component ClientHello Handler. The manipulation causes an out-of-bounds write. The vulnerability is tracked as CVE-2026-5503. The attack may be initiated remotely. There is no available exploit. It is suggested to install a patch to address this issue.

| Vendor | Product | Versions |
|---|---|---|
| wolfssl | wolfssl | 0, 5.9.0 |

Updated description with critical severity, added affected version 5.9.0, and noted that the vulnerability is actively exploited.

Initial creation