7.2
CVE-2026-3548 - Buffer overflow in CRL number parsing in wolfSSL
Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow could occur when improperly storing the CRL number as a hexadecimal string, and a stack-based overflow for sufficiently sized CRL numbers. With appropriately crafted CRLs, ei…
5
CVE-2026-2646 - Heap buffer overflow in session parsing with wolfSSL_d2i_SSL_SESSION() function
A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSL_d2i_SSL_SESSION() function. When deserializing session data with SESSION_CERTS enabled, certificate and session id lengths are read from an untrusted input without bounds validation, allowing an attacker to overflow fixed-size buffers…
6.5
CVE-2026-26940 - Improper Validation of Specified Quantity in Input in Kibana Leading to Denial of Service
Improper Validation of Specified Quantity in Input (CWE-1284) in the Timelion visualization plugin in Kibana can lead Denial of Service via Excessive Allocation (CAPEC-130). The vulnerability allows an authenticated user to send a specially crafted Timelion expression that overwrites internal serie…
6.5
CVE-2026-26939 - Missing Authorization in Kibana Leading to Unauthorized Endpoint Response Action Configuration
Missing Authorization (CWE-862) in Kibana’s server-side Detection Rule Management can lead to Unauthorized Endpoint Response Action Configuration (host isolation, process termination, and process suspension) via CAPEC-1 (Accessing Functionality Not Properly Constrained by ACLs). This requires an au…
5.5
CVE-2026-2645 - Acceptance of CertificateVerify Message before ClientKeyExchange in TLS 1.2
In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementation. The server could incorrectly accept the CertificateVerify message before the ClientKeyExchange message had been received. This issue affects wolfSSL before 5.8.4 (wolfSSL 5.8.2 and earlier is vuln…
