Description
When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free. Exploitation requires the ability to inject a crafted session into the cache and for the application to call specific session restore APIs.
INFO
Published Date :
2026-04-09T22:18:44.067Z
Last Modified :
2026-04-09T22:18:44.067Z
Source :
wolfSSL
AFFECTED PRODUCTS
The following products are affected by CVE-2026-5507 vulnerability.
| Vendors | Products |
|---|---|
| Wolfssl |
|
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2026-5507.
| URL | Resource |
|---|---|
| https://github.com/wolfSSL/wolfssl/pull/10088 |
|
CVSS Vulnerability Scoring System
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability