CVE-2026-5446

wolfSSL ARIA-GCM TLS 1.2/DTLS 1.2 GCM nonce reuse

Description

In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce for every application-data record. Because wc_AriaEncrypt is stateless and passes the caller-supplied IV verbatim to the MagicCrypto SDK with no internal counter, and because the explicit IV is zero-initialized at session setup and never incremented in non-FIPS builds. This vulnerability affects wolfSSL builds configured with --enable-aria and the proprietary MagicCrypto SDK (a non-default, opt-in configuration required for Korean regulatory deployments). AES-GCM is not affected because wc_AesGcmEncrypt_ex maintains an internal invocation counter independently of the call-site guard.

INFO

Published Date :

2026-04-09T21:02:27.201Z

Last Modified :

2026-04-10T18:11:52.759Z

Source :

wolfSSL

AFFECTED PRODUCTS

The following products are affected by CVE-2026-5446 vulnerability.

Vendors	Products
Wolfssl	Wolfssl

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-5446.

URL	Resource
https://github.com/wolfSSL/wolfssl/pull/10111

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability