CVE-2026-5188
CWE-191 · Published: April 10, 2026 · Updated: Apr 13, 2026
Official Description
An integer underflow issue exists in wolfSSL when parsing the Subject Alternative Name (SAN) extension of X.509 certificates. A malformed certificate can specify an entry length larger than the enclosing sequence, causing the internal length counter to wrap during parsing. This results in incorrect handling of certificate data. The issue is limited to configurations using the original ASN.1 parsing implementation which is off by default.
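The length bookkeeping described above, as an added example that is not wolfSSL's code: a flawed counter update beside a walk that validates each entry length against the enclosing sequence. The function names, the unsigned 32-bit counter, the short-form-only lengths and the sample bytes are all assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Constructed SAN bodies (contents of the GeneralNames SEQUENCE).
 * Each entry: tag 0x82 (dNSName), one short-form length octet, value. */
static const uint8_t SAN_OK[]  = { 0x82, 0x03, 'a', '.', 'b', 0x82, 0x01, 'c' };
static const uint8_t SAN_BAD[] = { 0x82, 0x7F, 'a' };  /* claims 127 bytes, 1 present */

/* Flawed bookkeeping (assumed unsigned 32-bit counter): subtracts the claimed
 * entry length without comparing it to what is left. Only the counter is
 * computed here; no data beyond the header is read. */
uint32_t remaining_unchecked(const uint8_t *body, uint32_t body_len)
{
    uint32_t remaining = body_len;
    if (remaining < 2)
        return 0;
    remaining -= 2;        /* tag + length octets */
    remaining -= body[1];  /* wraps when the entry is longer than the sequence */
    return remaining;
}

/* Hardened walk: every length is validated against the enclosing sequence
 * before the index moves. Returns the entry count, or -1 if malformed. */
int san_count_checked(const uint8_t *body, size_t body_len)
{
    size_t idx = 0;
    int count = 0;
    while (idx < body_len) {
        if (body_len - idx < 2)
            return -1;                 /* truncated header */
        uint8_t len = body[idx + 1];
        if (len & 0x80)
            return -1;                 /* long-form length: out of scope here */
        idx += 2;
        if (len > body_len - idx)
            return -1;                 /* entry exceeds enclosing sequence */
        idx += len;
        count++;
    }
    return count;
}

int main(void)
{
    printf("unchecked counter: %u\n", (unsigned)remaining_unchecked(SAN_BAD, sizeof SAN_BAD));
    printf("checked: ok=%d bad=%d\n", san_count_checked(SAN_OK, sizeof SAN_OK),
           san_count_checked(SAN_BAD, sizeof SAN_BAD));
    return 0;
}
```

The comparison `len > body_len - idx` is written so that the subtraction itself cannot wrap, because `idx` never exceeds `body_len` at that point.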
Technical Analysis
CVE-2026-5188 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.
Exploitation does not require any privileges, though user interaction (P) is needed, which slightly reduces the risk of mass automated attacks.
A proof-of-concept (PoC) exploit exists for CVE-2026-5188. While not yet confirmed in active campaigns, the availability of PoC code increases exploitation risk substantially.
Recommended Actions
- Apply vendor patches immediately
- Monitor CVE-2026-5188 in threat intel feeds
- Review IDS/IPS signatures for exploitation attempts