CVE-2026-5477
The CVE-2026-5477 issue concerns wolfCrypt CMAC: an integer overflow in wc_CmacUpdate caused by a guard that skips XOR-chaining on the first block when cmac->totalSz != 0. totalSz is a 32-bit value and wraps to zero after 2^28 blocks (4 GiB), which can discard the live CBC-MAC chain state. Thi...