Description
Protection mechanism failure in wolfCrypt post-quantum implementations (ML-KEM and ML-DSA) in wolfSSL on ARM Cortex-M microcontrollers allows a physical attacker to compromise key material and/or cryptographic outcomes via induced transient faults that corrupt or redirect seed/pointer values during Keccak-based expansion.




This issue affects wolfSSL (wolfCrypt): commit hash d86575c766e6e67ef93545fa69c04d6eb49400c6.
Published: 2026-03-19
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Compromise of cryptographic key material
Action: Upgrade Software
AI Analysis

Impact

The vulnerability is a fault injection flaw in wolfSSL’s wolfCrypt post‑quantum implementations (ML‑KEM and ML‑DSA) on ARM Cortex‑M microcontrollers. A physical attacker can induce transient faults that corrupt or redirect seed or pointer values during the Keccak‑based expansion, allowing the attacker to compromise key material or alter cryptographic outcomes. This weakness aligns with CWE‑335, fault injection leading to integrity or confidentiality compromise.

Affected Systems

WolfSSL (wolfCrypt) versions prior to commit d86575c766e6e67ef93545fa69c04d6eb49400c6 are affected. No specific version numbers are listed in the data; the commit hash indicates the code base where the flaw exists.

Risk and Exploitability

The CVSS score of 4.3 indicates low severity, but the exploit requires physical access to the Cortex‑M device to perform fault injections, making it a high‑effort attack for most adversaries. EPSS data is not available and the vulnerability is not listed in the CISA KEV catalog. No publicly documented exploits are known. If physical proximity can be achieved, the attacker could gain access to sensitive keys or influence cryptographic operations, potentially compromising confidentiality or integrity.

Generated by OpenCVE AI on March 19, 2026 at 19:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to a wolfSSL version released after commit d86575c766e6e67ef93545fa69c04d6eb49400c6 or to the latest stable release that addresses this fault injection issue.
  • If a patch is not available, apply hardware‑level fault detection or shielding to mitigate transient fault attacks on the device.
  • Ensure devices are physically secured to prevent unauthorized access or tampering.

Generated by OpenCVE AI on March 19, 2026 at 19:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 20 Mar 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Wolfssl
Wolfssl wolfcrypt
Vendors & Products Wolfssl
Wolfssl wolfcrypt

Thu, 19 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 19 Mar 2026 18:45:00 +0000

Type Values Removed Values Added
Description Protection mechanism failure in wolfCrypt post-quantum implementations (ML-KEM and ML-DSA) in wolfSSL on ARM Cortex-M microcontrollers allows a physical attacker to compromise key material and/or cryptographic outcomes via induced transient faults that corrupt or redirect seed/pointer values during Keccak-based expansion. This issue affects wolfSSL (wolfCrypt): commit hash d86575c766e6e67ef93545fa69c04d6eb49400c6.
Title Fault injection attack with ML-DSA and ML-KEM on ARM
Weaknesses CWE-335
References
Metrics cvssV4_0

{'score': 4.3, 'vector': 'CVSS:4.0/AV:P/AC:H/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N/U:Amber'}

Subscriptions

Wolfssl Wolfcrypt
cve-icon MITRE

Status: PUBLISHED

Assigner: wolfSSL

Published:

Updated: 2026-03-19T19:24:36.198Z

Reserved: 2026-03-03T22:56:47.976Z

Link: CVE-2026-3503

cve-icon Vulnrichment

Updated: 2026-03-19T19:24:32.321Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-19T19:16:20.570

Modified: 2026-03-20T13:39:46.493

Link: CVE-2026-3503

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-20T11:06:40Z

Weaknesses