Platform: c
Component: wolfssl
Fixed in: 5.9.1
CVE-2026-5460 describes a heap use-after-free vulnerability found in wolfSSL's implementation of TLS 1.3 post-quantum cryptography (PQC) hybrid KeyShare processing. This flaw occurs when an error is encountered during KeyShare processing, leading to a write operation on freed memory, potentially causing a denial of service. The vulnerability impacts wolfSSL versions from 0.0.0 up to and including 5.9.1. A fix is available in version 5.9.1.
CVE-2026-5460 affects wolfSSL, specifically within the post-quantum cryptography (PQC) hybrid KeyShare processing for TLS 1.3. The vulnerability resides in the TLSX_KeyShare_ProcessPqcHybridClient() function within src/tls.c. During error handling, the TLSX_KeyShare_ProcessPqcClient_ex() function frees a KyberKey object. Subsequently, the calling function, TLSX_KeyShare_FreeAll(), attempts to call ForceZero() on this already-freed KyberKey, resulting in writes of zero bytes over freed heap memory. This can lead to a denial-of-service (DoS) condition or, in more complex scenarios, arbitrary code execution, although the latter is less likely to be exploited.
Exploitation of this vulnerability requires an attacker who can control TLS 1.3 traffic and manipulate the hybrid PQC KeyShare exchange. The attacker must be able to trigger an error during KeyShare processing, which will then trigger the free and ForceZero() sequence on freed memory. The difficulty of exploitation depends on the complexity of the TLS 1.3 and PQC implementation in the affected system. While arbitrary code execution is theoretically possible, a denial-of-service is the more probable and easily achievable outcome.
Exploit Status
EPSS: 0.06% (17th percentile)
The recommended solution is to upgrade to wolfSSL version 5.9.1. This version includes a fix that prevents the premature freeing of the KyberKey object and ensures that ForceZero() is only called on valid memory. If immediate upgrading is not possible, consider implementing mitigations such as isolating services that use wolfSSL and monitoring memory for patterns of writes to freed memory. Regularly reviewing TLS 1.3 and PQC configurations to ensure only necessary features are enabled and that the latest security updates are applied is also crucial.
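The ownership mistake described above (an error path frees the key while the caller's cleanup still holds the pointer) and one way to close it, as an added example that is not wolfSSL's code or its actual patch; `pqc_key`, `key_share_entry`, `force_zero`, `process_inner_vuln`, `process_inner_fixed`, `free_all` and `cleanup_is_safe` are hypothetical names.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for illustration; not wolfSSL's types or functions. */
typedef struct { unsigned char secret[32]; } pqc_key;
typedef struct { pqc_key *key; } key_share_entry;

/* Zeroing through a volatile pointer so the compiler cannot drop it. */
void force_zero(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Vulnerable shape: the error path frees the key but leaves e->key
 * dangling, so later cleanup still sees a non-NULL pointer. */
int process_inner_vuln(key_share_entry *e, int input_ok) {
    if (!input_ok) { free(e->key); return -1; }
    return 0;
}

/* Hardened shape: whoever frees wipes first and clears the owner's pointer. */
int process_inner_fixed(key_share_entry *e, int input_ok) {
    if (input_ok) return 0;
    if (e->key != NULL) {
        force_zero(e->key, sizeof(*e->key));
        free(e->key);
        e->key = NULL;
    }
    return -1;
}

/* Caller-side cleanup run on every exit path. With a dangling e->key the
 * force_zero() call below would write into freed heap memory. */
void free_all(key_share_entry *e) {
    if (e->key == NULL) return;
    force_zero(e->key, sizeof(*e->key));
    free(e->key);
    e->key = NULL;
}

/* Returns 1 when ownership stays consistent on the chosen path. */
int cleanup_is_safe(int input_ok) {
    key_share_entry e;
    e.key = malloc(sizeof(*e.key));
    if (e.key == NULL) return 0;
    memset(e.key->secret, 0xAA, sizeof(e.key->secret)); /* constructed secret */
    int rc = process_inner_fixed(&e, input_ok);
    int ok = input_ok ? (rc == 0 && e.key != NULL) : (rc == -1 && e.key == NULL);
    free_all(&e);
    return ok && e.key == NULL;
}
int main(void) { return (cleanup_is_safe(0) && cleanup_is_safe(1)) ? 0 : 1; }
```

Building a test harness with AddressSanitizer (`-fsanitize=address`) and substituting `process_inner_vuln` makes the write in `free_all` show up as a heap-use-after-free report.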
Upgrade to wolfSSL version 5.9.1 or later to mitigate the use-after-free vulnerability in TLS 1.3 PQC hybrid KeyShare processing. The update corrects the error of incorrectly freeing memory and subsequently attempting to write to it, preventing possible crashes or arbitrary code execution.
KyberKey is a specific data object used in the context of post-quantum cryptography (PQC) key exchange algorithms based on Kyber, implemented in wolfSSL.
The vulnerability can lead to a denial-of-service, disrupting the availability of services that use wolfSSL. In rare cases, it could potentially allow for arbitrary code execution.
Implement mitigations such as service isolation and memory monitoring. Review and limit the use of TLS 1.3 and PQC.
The fix is available in version 5.9.1. No patches are available for older versions.
ForceZero() is a function that writes zeros over a region of memory. In this case, it is attempted on memory that has already been freed, causing the vulnerability.