Use-after-free in wolfSSL - CVE-2026-7531
Published: July 1, 2026
wolfSSL
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to a use-after-free in PQC hybrid key-share handling, which occurs when a truncated PQC hybrid KeyShare is processed. A remote attacker can send such a KeyShare to cause a denial of service.
The issue can be triggered by a malicious TLS 1.3 server.