Bleichenbacher padding oracle in PKCS#7 KTRI decryption. When decrypting PKCS#7 EnvelopedData using RSA PKCS#1 v1.5 key transport, wolfSSL returned distinguishable error codes depending on whether RSA padding validation failed versus whether the decrypted content was malformed. An attacker able to submit crafted EnvelopedData messages and observe error responses could use this as a padding oracle to incrementally recover the encrypted Content Encryption Key (CEK). The fix generates a deterministic pseudo-random fake CEK on padding failure (via HMAC-SHA256) and proceeds with decryption identically, using constant-time operations throughout, so that all failure paths produce the same error regardless of padding validity.
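The countermeasure the description outlines is the standard Bleichenbacher defence: never let the outcome of the PKCS#1 v1.5 padding check choose a code path; instead substitute a deterministic fake CEK and carry on with content decryption so every failure reports the same error. The following added example (not wolfSSL code, written here to illustrate the record above) models both the pre-fix and the fixed unwrap routine in Python. The RSA step is represented by the already-decrypted encoded message `em`, the content cipher is a constructed stand-in (a keyed XOR stream with an HMAC tag, not the real CMS content-encryption algorithm), and the `ORACLE_KEY`, 2048-bit modulus size, 32-byte CEK length and the exact HMAC input for the fake CEK are assumptions. Python cannot guarantee constant-time execution; the branch-free helpers show the structure a C implementation would use.

```python
"""Uniform failure handling for PKCS#1 v1.5 key transport (added example)."""
import hmac
import hashlib

KEY_BYTES = 256   # assumed 2048-bit RSA modulus
CEK_LEN = 32      # assumed 32-byte content-encryption key
TAG_LEN = 16


def ct_eq(a, b):
    """Branch-free byte equality: 1 if a == b else 0 (a, b in 0..255)."""
    return (((a ^ b) - 1) >> 8) & 1


def ct_select(flag, a, b):
    """Branch-free select of equal-length byte strings: a if flag == 1, b if flag == 0."""
    mask = (-flag) & 0xFF
    return bytes(((x & mask) | (y & (mask ^ 0xFF))) for x, y in zip(a, b))


def unpad_pkcs1_v15(em):
    """Check EM = 00 || 02 || PS (>= 8 non-zero bytes) || 00 || CEK; return (ok, cek).

    CEK_LEN is fixed by the content cipher, so the separator offset is public and
    every byte is inspected with no data-dependent early exit. ok is 0 or 1."""
    if len(em) != KEY_BYTES:          # length is public, not secret
        raise ValueError("unexpected RSA block length")
    sep = KEY_BYTES - CEK_LEN - 1
    good = ct_eq(em[0], 0x00) & ct_eq(em[1], 0x02) & int(sep - 2 >= 8)
    for i in range(2, sep):           # every PS byte must be non-zero
        good &= 1 - ct_eq(em[i], 0x00)
    good &= ct_eq(em[sep], 0x00)
    return good, em[sep + 1:]


def _keystream(cek, n):
    """Constructed keystream: HMAC-SHA256 counter mode, a stand-in for a real cipher."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hmac.new(cek, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def encrypt_content(cek, plaintext):
    """Stand-in content encryption: keyed XOR stream plus a truncated HMAC tag."""
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(cek, len(plaintext))))
    tag = hmac.new(cek, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag


def decrypt_content(cek, enc):
    """Return plaintext, or None when the content is malformed (tag mismatch)."""
    body, tag = enc[:-TAG_LEN], enc[-TAG_LEN:]
    expect = hmac.new(cek, body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expect):
        return None
    return bytes(c ^ k for c, k in zip(body, _keystream(cek, len(body))))


def unwrap_vulnerable(em, enc):
    """Pre-fix pattern: the error code reveals which stage failed (the oracle)."""
    ok, cek = unpad_pkcs1_v15(em)
    if not ok:
        return "RSA_PAD_ERROR"
    if decrypt_content(cek, enc) is None:
        return "CONTENT_ERROR"
    return "OK"


def fake_cek(oracle_key, em):
    """Deterministic stand-in CEK: HMAC-SHA256 of the decrypted block under a
    per-key secret (assumed inputs), so repeated submissions behave identically."""
    return hmac.new(oracle_key, em, hashlib.sha256).digest()[:CEK_LEN]


def unwrap_hardened(em, enc, oracle_key):
    """Fixed pattern: always proceed with some CEK and report a single error code."""
    ok, real = unpad_pkcs1_v15(em)
    cek = ct_select(ok, real, fake_cek(oracle_key, em))   # no branch on ok
    if decrypt_content(cek, enc) is None:
        return "DECRYPT_ERROR"
    return "OK"


def build_em(cek):
    """Constructed EM with a fixed non-zero PS (real senders use random PS bytes)."""
    ps = bytes(range(1, 256))[:KEY_BYTES - CEK_LEN - 3]
    return b"\x00\x02" + ps + b"\x00" + cek


# Constructed test values.
CEK = bytes(range(CEK_LEN))
ORACLE_KEY = b"constructed-per-key-secret"
GOOD_EM = build_em(CEK)
BAD_EM = b"\x00\x01" + GOOD_EM[2:]              # wrong block-type byte
ENC = encrypt_content(CEK, b"hello, CMS")
BAD_ENC = ENC[:-1] + bytes([ENC[-1] ^ 0x01])    # corrupted content tag

if __name__ == "__main__":
    for label, em, enc in (("good", GOOD_EM, ENC), ("bad padding", BAD_EM, ENC),
                           ("bad content", GOOD_EM, BAD_ENC)):
        print(f"{label:12s} vulnerable={unwrap_vulnerable(em, enc):14s} "
              f"hardened={unwrap_hardened(em, enc, ORACLE_KEY)}")
```

Running the block shows the difference directly: the vulnerable routine answers `RSA_PAD_ERROR` for a bad RSA block and `CONTENT_ERROR` for a good block with corrupted content, while the hardened routine answers `DECRYPT_ERROR` for both. The fake CEK must be deterministic per message; if it were freshly random on each call, a caller could still distinguish the two cases by resubmitting the same message and watching whether later behaviour changes. Uniform error codes remove the explicit oracle, but timing and other side channels remain, which is why the page's fix also uses constant-time operations throughout.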
References
| Link | Resource |
|---|---|
| https://github.com/wolfSSL/wolfssl/pull/10203 | Issue Tracking |
| https://www.wolfssl.com/docs/security-vulnerabilities/ | Vendor Advisory |
Configurations
History
26 Jun 2026, 16:51
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS | | v2 : unknown; v3 : 6.5 |
| First Time | | Wolfssl wolfssl; Wolfssl |
| CPE | | cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:* |
| References | | https://github.com/wolfSSL/wolfssl/pull/10203 - Issue Tracking |
| References | | https://www.wolfssl.com/docs/security-vulnerabilities/ - Vendor Advisory |
25 Jun 2026, 18:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |
Information
Published : 2026-06-25 18:16
Updated : 2026-06-26 16:51
NVD link : CVE-2026-6291
Mitre link : CVE-2026-6291
CVE.ORG link : CVE-2026-6291
Products Affected
wolfssl
- wolfssl
CWE
CWE-208
Observable Timing Discrepancy
