Improper Verification of Cryptographic Signature in wolfSSL - CVE-2026-10097
Published: July 1, 2026
wolfSSL
Detailed vulnerability description
The vulnerability allows a remote attacker to weaken ciphertext integrity protections.
The vulnerability exists due to improper authentication in the ML-KEM-1024 x64 AVX2 implicit rejection path when decapsulating ciphertext. A remote attacker can supply crafted ciphertext to weaken ciphertext integrity protections.
The issue affects the x64 AVX2 code path.