Loading market data...
← Back to CVE feed

CVE-2026-7531

CRITICAL CVSS 9.8 View on NVD ↗

Description

Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 (released in 5.9.1): a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

wolfssl/wolfssl
Published: Jun 25, 2026 20:17 UTC Modified: Jun 26, 2026 16:53 UTC