CVE-2026-7531

Vulnerability Description

Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 (released in 5.9.1): a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory.

Vulnerability Details

Published Date

June 25, 2026

Last Modified

June 25, 2026

CWE ID

CWE-416

Source

NVD

External References

https://github.com/wolfSSL/wolfssl/pull/10327
https://www.wolfssl.com/docs/security-vulnerabilities/

CVE-2026-7531

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment