CVE-2026-55967
Severity CVSS v4.0:
LOW
Type:
Unavailable / Other
Publication date:
25/06/2026
Last modified:
26/06/2026
Description
AES-GCM encryption/decryption with extremely large cumulative single message sizes (>64 GiB) were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse, and consequent plaintext recovery.
Impact
Base Score 4.0
2.00
Severity 4.0
LOW
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:* | 4.8.0 (including) | 5.9.2 (excluding) |
To consult the complete list of CPE names with products and versions, see this page



