VYPR
Medium severity5.2NVD Advisory· Published Mar 19, 2026· Updated Apr 29, 2026

CVE-2026-3503

CVE-2026-3503

Description

Protection mechanism failure in wolfCrypt post-quantum implementations (ML-KEM and ML-DSA) in wolfSSL on ARM Cortex-M microcontrollers allows a physical attacker to compromise key material and/or cryptographic outcomes via induced transient faults that corrupt or redirect seed/pointer values during Keccak-based expansion.

This issue affects wolfSSL (wolfCrypt): commit hash d86575c766e6e67ef93545fa69c04d6eb49400c6.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • WolfSSL/Wolfssl2 versions
    cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*range: >=5.8.2,<5.9.0
    • (no CPE)range: commit d86575c766e6e67ef93545fa69c04d6eb49400c6
  • Range: commit d86575c766e6e67ef93545fa69c04d6eb49400c6

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.