CVE-2026-5500
CVE-2026-5500 affects wolfSSL (library) in wc_PKCS7_DecodeAuthEnvelopedData; the AES-GCM authentication tag length is not properly validated (no lower bound), allowing a MITM to truncate the MAC from 16 bytes to 1 byte and reduce tag verification strength from 2^-128 to 2^-8. This is described in...