CVE-2026-5500 Improper Validation of AES-GCM Authentication Tag Length in PKCS#7 Envelope Allows Authentication Bypass

wolfSSL's wcPKCS7DecodeAuthEnvelopedData does not properly sanitize the AES-GCM authentication tag length received and has no lower bounds check. A man-in-the-middle can therefore truncate the mac field from 16 bytes to 1 byte, reducing the tag check from 2⁻¹²⁸ to 2⁻⁸...

CVE-2026-5500

CVE-2026-5500 affects wolfSSL (library) in wc_PKCS7_DecodeAuthEnvelopedData; the AES-GCM authentication tag length is not properly validated (no lower bound), allowing a MITM to truncate the MAC from 16 bytes to 1 byte and reduce tag verification strength from 2^-128 to 2^-8. This is described in...