Reusing a Nonce, Key Pair in Encryption in wolfSSL - CVE-2026-55967
Published: July 1, 2026
wolfSSL
Detailed vulnerability description
The vulnerability allows a remote attacker to recover plaintext.
The vulnerability exists due to improper input validation in the AES-GCM streaming APIs when the cumulative size of a single message becomes extremely large. A remote attacker can trigger a counter wrap, and the resulting keystream reuse allows plaintext recovery.
The issue occurs for cumulative single message sizes greater than 64 GiB.
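The following added example (not wolfSSL code and not part of the original advisory) shows a caller-side length guard for a streaming AES-GCM message and why a 32-bit block counter repeats at 64 GiB. The names `gcm_len_guard`, `gcm_guard_add` and `gcm_ctr32_at` are hypothetical; the example assumes a 96-bit IV and the NIST SP 800-38D per-message limit of 2^39 - 256 bits.

```c
#include <stdint.h>
#include <stdio.h>

/* NIST SP 800-38D: at most 2^39 - 256 plaintext bits per (key, IV) pair. */
#define GCM_MAX_MSG_BYTES ((UINT64_C(1) << 36) - 32)

/* Hypothetical tracker kept beside the streaming cipher context. */
typedef struct { uint64_t total; } gcm_len_guard;

void gcm_guard_init(gcm_len_guard *g) { g->total = 0; }

/* Call before each streaming update. Returns 0 if the chunk fits, -1 if it
 * would push the message past the limit (state unchanged, no overflow). */
int gcm_guard_add(gcm_len_guard *g, uint64_t chunk_len)
{
    if (chunk_len > GCM_MAX_MSG_BYTES - g->total)
        return -1;
    g->total += chunk_len;
    return 0;
}

/* Low 32 bits of the counter block for the data at byte `offset`, assuming a
 * 96-bit IV: J0 ends in 1 (tag mask), so data block i uses counter i + 2. */
uint32_t gcm_ctr32_at(uint64_t offset)
{
    return (uint32_t)(offset / 16 + 2);
}

int main(void)
{
    gcm_len_guard g;
    const uint64_t chunk = UINT64_C(1) << 30;   /* constructed: 1 GiB chunks */
    int i;

    gcm_guard_init(&g);
    for (i = 0; i < 64 && gcm_guard_add(&g, chunk) == 0; i++)
        ;
    printf("accepted %d GiB, then rejected the next chunk\n", i);
    printf("ctr at offset 0: %u, at offset 64 GiB: %u\n",
           (unsigned)gcm_ctr32_at(0), (unsigned)gcm_ctr32_at(UINT64_C(1) << 36));
    return 0;
}
```

A message that needs more than this limit has to be split across fresh IVs or keys; the guard only ensures the streaming calls fail closed instead of wrapping.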