Medium severity5.2NVD Advisory· Published Mar 19, 2026· Updated Apr 29, 2026

CVE-2026-3503

Description

Protection mechanism failure in wolfCrypt post-quantum implementations (ML-KEM and ML-DSA) in wolfSSL on ARM Cortex-M microcontrollers allows a physical attacker to compromise key material and/or cryptographic outcomes via induced transient faults that corrupt or redirect seed/pointer values during Keccak-based expansion.

This issue affects wolfSSL (wolfCrypt): commit hash d86575c766e6e67ef93545fa69c04d6eb49400c6.

Affected products

WolfSSL/Wolfssl
cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*
Range: >=5.8.2,<5.9.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/wolfSSL/wolfssl/pull/9734nvdIssue TrackingPatch

News mentions

No linked articles in our index yet.

cvss	0.338
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000