Description

When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free. Exploitation requires the ability to inject a crafted session into the cache and for the application to call specific session restore APIs.

Status: PUBLISHED | Reserved 2026-04-03 | Published 2026-04-09 | Updated 2026-04-14 | Assigner: wolfSSL

Severity: MEDIUM, base score 4.1 (CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)

Problem types

CWE-502 Deserialization of untrusted data

Product status

Default status: unaffected
Any version: affected

Credits

Sunwoo Lee (Korea Institute of Energy Technology, KENTECH), finder

Woohyun Choi (Korea Institute of Energy Technology, KENTECH), finder

Seunghyun Yoon (Korea Institute of Energy Technology, KENTECH), finder

References

github.com/wolfSSL/wolfssl/pull/10088

cve.org (CVE-2026-5507)

nvd.nist.gov (CVE-2026-5507)