CVE-2026-5460 - Vulnerability Details

- Heap Use-After-Free in PQC Hybrid KeyShare Error Cleanup in wolfSSL TLS 1.3

Description

A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography (PQC) hybrid KeyShare processing. In the error handling path of TLSX_KeyShare_ProcessPqcHybridClient() in src/tls.c, the inner function TLSX_KeyShare_ProcessPqcClient_ex() frees a KyberKey object upon encountering an error. The caller then invokes TLSX_KeyShare_FreeAll(), which attempts to call ForceZero() on the already-freed KyberKey, resulting in writes of zero bytes over freed heap memory.

Published: 2026-04-09

Score: 6.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A heap use‑after‑free bug exists in the error-cleanup path of wolfSSL’s TLS 1.3 post‑quantum cryptography hybrid key share processing. When an error occurs, an internal function frees a Kyber key object, and a later call attempts to zero‑out that already‑freed object, writing zeroes to freed heap memory. This produces an undefined memory write that can crash the application and corrupt program state. The weakness is mapped to CWE‑416.

Affected Systems

The vulnerability affects the wolfSSL cryptographic library, specifically the TLS 1.3 implementation that supports PQC hybrid key share. Because no specific version ranges are listed, any wolfSSL release that includes PQC hybrid key share before the fix is potentially impacted.

Risk and Exploitability

The CVSS base score of 6.3 indicates moderate severity. EPSS data is not available and the vulnerability is not listed in the CISA KEV catalogue. A likely attack vector, inferred from the functionality described, would involve an adversary initiating a TLS 1.3 handshake using a PQC hybrid key share to trigger the error path and overwrite freed memory. The CVE description does not confirm that arbitrary code execution can result; the primary expected impact is denial of service through application crash or corruption of program state.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

wolfSSL

unaffected

Version	Status	Constraints
`0`	affected	< 5.9.1

No data.

Vendor Product Confidence Versions

Wolfssl

100%

Version	Status	Scheme	Platform
`[0,5.9.1)`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the patch from GitHub pull request 10092 to update wolfSSL to a fixed version.
Disable PQC hybrid key share in the TLS 1.3 configuration to avoid triggering the error cleanup path.
Rebuild or compile the application or library excluding the PQC hybrid functionality when it is not required.
Continuously monitor TLS handshake logs and application stability for unexpected crashes or anomalies.

Generated by OpenCVE AI on April 10, 2026 at 00:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00042.

Exploitation none

Automatable yes

Technical Impact partial

References

Link	Providers
https://github.com/wolfssl/wolfssl/pull/10092

History

Fri, 10 Apr 2026 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 10 Apr 2026 09:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Wolfssl Wolfssl wolfssl
Vendors & Products		Wolfssl Wolfssl wolfssl

Thu, 09 Apr 2026 23:45:00 +0000

Type	Values Removed	Values Added
Description		A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography (PQC) hybrid KeyShare processing. In the error handling path of TLSX_KeyShare_ProcessPqcHybridClient() in src/tls.c, the inner function TLSX_KeyShare_ProcessPqcClient_ex() frees a KyberKey object upon encountering an error. The caller then invokes TLSX_KeyShare_FreeAll(), which attempts to call ForceZero() on the already-freed KyberKey, resulting in writes of zero bytes over freed heap memory.
Title		Heap Use-After-Free in PQC Hybrid KeyShare Error Cleanup in wolfSSL TLS 1.3
Weaknesses		CWE-416
References		https://github.com/wolfssl/wolfssl/pull/10092
Metrics		cvssV4_0 `{'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N'}`

Subscriptions

Wolfssl Wolfssl

MITRE

Status: PUBLISHED

Assigner: wolfSSL

Published: 2026-04-09T23:29:27.577Z

Updated: 2026-04-10T13:51:18.283Z

Reserved: 2026-04-02T22:57:35.093Z

Link: CVE-2026-5460

Vulnrichment

Updated: 2026-04-10T13:51:14.864Z

NVD

Status : Received

Published: 2026-04-10T00:16:36.033

Modified: 2026-04-10T00:16:36.033

Link: CVE-2026-5460

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-10T09:27:25Z

Weaknesses

CWE-416

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Exploitation none

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object