CVE-2026-5503
CWE-787 · Published: April 9, 2026 · Updated: Apr 13, 2026
Official Description
In TLSX_EchChangeSNI, the ctx->extensions branch set extensions unconditionally even when TLSX_Find returned NULL. This caused TLSX_UseSNI to attach the attacker-controlled publicName to the shared WOLFSSL_CTX when no inner SNI was configured. TLSX_EchRestoreSNI then failed to clean it up because its removal was gated on serverNameX != NULL. The inner ClientHello was sized before the pollution but written after it, causing TLSX_SNI_Write to memcpy 255 bytes past the allocation boundary.
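The ordering problem in the description (buffer sized, shared state changed, then written) is modelled below, together with a writer that re-checks the length at write time and a restore step that runs unconditionally. This is an added illustration, not wolfSSL code: `struct ctx`, `sni_size`, `sni_write_checked` and `size_then_mutate_then_write` are hypothetical names, and the 255-byte name is constructed sample input.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a shared context holding an optional SNI name. */
struct ctx { const char *sni; };

/* Bytes the SNI field needs for the context's current state. */
static size_t sni_size(const struct ctx *c) {
    return c->sni ? strlen(c->sni) : 0;
}

/* Bounds-checked writer: re-derives the length at write time and refuses
 * to copy when it no longer fits the buffer that was sized earlier. */
static int sni_write_checked(const struct ctx *c, unsigned char *out, size_t cap) {
    size_t need = sni_size(c);
    if (need > cap)
        return -1;                     /* state changed after sizing */
    if (need)
        memcpy(out, c->sni, need);
    return (int)need;
}

/* Models the sequence in the description: size, state change, write.
 * Returns the writer's result; -1 means the mismatch was caught. */
static int size_then_mutate_then_write(struct ctx *c, const char *public_name) {
    size_t cap = sni_size(c);          /* sized before the state change */
    unsigned char *buf = malloc(cap ? cap : 1);
    if (!buf)
        return -2;
    const char *saved = c->sni;
    c->sni = public_name;              /* peer-supplied name lands on shared ctx */
    int rc = sni_write_checked(c, buf, cap);
    c->sni = saved;                    /* restore always, even when saved is NULL */
    free(buf);
    return rc;
}

int main(void) {
    char name[256];                    /* constructed 255-byte sample name */
    memset(name, 'a', 255);
    name[255] = '\0';
    struct ctx c = { NULL };           /* no inner SNI configured */
    return size_then_mutate_then_write(&c, name) == -1 ? 0 : 1;
}
```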
Technical Analysis
CVE-2026-5503 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.
The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.
A proof-of-concept (PoC) exploit exists for CVE-2026-5503. While not yet confirmed in active campaigns, the availability of PoC code increases exploitation risk substantially.
From a weakness classification perspective (CWE-787): Out-of-bounds write vulnerabilities can lead to data corruption, crashes, or arbitrary code execution.
Recommended Actions
- Apply vendor patches immediately
- Monitor CVE-2026-5503 in threat intel feeds
- Review IDS/IPS signatures for exploitation attempts