—

CVE-2026-5447EXPLOITEDPATCHED

wolfssl · wolfssl

Heap buffer overflow in CertFromX509() via AuthorityKeyIdentifier

Description

Heap buffer overflow in CertFromX509 via AuthorityKeyIdentifier size confusion. A heap buffer overflow occurs when converting an X.509 certificate internally due to incorrect size handling of the AuthorityKeyIdentifier extension.

Affected Products

Vendor	Product	Versions
wolfssl	wolfssl	0, 5.9.0

References

https://github.com/wolfSSL/wolfssl/pull/10112

Related News (1 articles)

Tier C

VulDB3h ago

CVE-2026-5447 | wolfSSL up to 5.9.0 heap-based overflow

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

5.9.1

CWECWE-122

PublishedApr 9, 2026

Last enriched3h agov2

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-5477EXP

Prefix-substitution forgery via integer overflow in wolfCrypt CMAC

Trending: 50

CRITICALCVE-2026-5194EXP

wolfSSL ECDSA Certificate Verification

Trending: 49

CRITICALCVE-2026-5501EXP

Improper Certificate Signature Verification in X.509 Chain Validation Allows Forged Leaf Certificates

Trending: 49

CRITICALCVE-2026-5503EXP

out-of-bounds write in TLSX_EchChangeSNI via attacker-controlled publicName

Trending: 49

CRITICALCVE-2026-5188EXP

Integer underflow in X.509 SAN parsing in wolfSSL

Trending: 49

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 9, 2026

Discovered by ZDM

Apr 9, 2026

Actively Exploited

Apr 9, 2026

Patch Available

Apr 9, 2026

Updated: severity, affectedVersions, activelyExploited, tags

Apr 10, 2026

Version History

Last enriched 3h ago

v2Tier C3h ago

Updated severity to CRITICAL, added affected version 5.9.0, and marked the vulnerability as actively exploited.

severityaffectedVersionsactivelyExploitedtags

via VulDB

v111h ago

Initial creation