{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3230", "assignerOrgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "state": "PUBLISHED", "assignerShortName": "wolfSSL", "dateReserved": "2026-02-25T20:42:49.228Z", "datePublished": "2026-03-19T20:59:54.021Z", "dateUpdated": "2026-03-20T17:09:01.453Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "shortName": "wolfSSL", "dateUpdated": "2026-03-19T20:59:54.021Z"}, "title": "Improper key_share validation in TLS 1.3 HelloRetryRequest", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation Improper Input Validation", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-220", "descriptions": [{"lang": "en", "value": "CAPEC-220 Client-Server Protocol Manipulation"}]}], "affected": [{"vendor": "wolfSSL", "product": "wolfSSL", "collectionURL": "https://github.com/wolfSSL/wolfssl", "packageName": "wolfSSL", "repo": "https://github.com/wolfSSL/wolfssl", "modules": ["wolfSSL"], "programFiles": ["tls.c", "tls13.c"], "versions": [{"status": "affected", "version": "0", "lessThan": "5.9.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required key_share extension, resulting in derivation of predictable traffic secrets from (EC)DHE shared secret. This issue does not affect the client's authentication of the server during TLS handshakes.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required key_share extension, resulting in derivation of predictable traffic secrets from (EC)DHE shared secret. This issue does <b>not </b>affect the client's authentication of the server during TLS handshakes.</p>"}]}], "references": [{"url": "https://github.com/wolfSSL/wolfssl/pull/9754"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "Safety": "NOT_DEFINED", "Automatable": "YES", "Recovery": "AUTOMATIC", "valueDensity": "DIFFUSE", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "CLEAR", "version": "4.0", "baseSeverity": "LOW", "baseScore": 1.2, "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/AU:Y/R:A/V:D/U:Clear"}}], "credits": [{"lang": "en", "value": "Jaehun Lee, Pohang University of Science and Technology (POSTECH)", "type": "finder"}, {"lang": "en", "value": "Kyungmin Bae, Pohang University of Science and Technology (POSTECH)", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-20T17:08:54.344097Z", "id": "CVE-2026-3230", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T17:09:01.453Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3230", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-20T17:08:54.344097Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T17:08:58.312Z"}}], "cna": {"title": "Improper key_share validation in TLS 1.3 HelloRetryRequest", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Jaehun Lee, Pohang University of Science and Technology (POSTECH)"}, {"lang": "en", "type": "coordinator", "value": "Kyungmin Bae, Pohang University of Science and Technology (POSTECH)"}], "impacts": [{"capecId": "CAPEC-220", "descriptions": [{"lang": "en", "value": "CAPEC-220 Client-Server Protocol Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "AUTOMATIC", "baseScore": 1.2, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "LOW", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/AU:Y/R:A/V:D/U:Clear", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "CLEAR", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/wolfSSL/wolfssl", "vendor": "wolfSSL", "modules": ["wolfSSL"], "product": "wolfSSL", "versions": [{"status": "affected", "version": "0", "lessThan": "5.9.0", "versionType": "semver"}], "packageName": "wolfSSL", "programFiles": ["tls.c", "tls13.c"], "collectionURL": "https://github.com/wolfSSL/wolfssl", "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/wolfSSL/wolfssl/pull/9754"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required key_share extension, resulting in derivation of predictable traffic secrets from (EC)DHE shared secret. This issue does not affect the client's authentication of the server during TLS handshakes.", "supportingMedia": [{"type": "text/html", "value": "<p>Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required key_share extension, resulting in derivation of predictable traffic secrets from (EC)DHE shared secret. This issue does <b>not </b>affect the client's authentication of the server during TLS handshakes.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation Improper Input Validation"}]}], "providerMetadata": {"orgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "shortName": "wolfSSL", "dateUpdated": "2026-03-19T20:59:54.021Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3230", "state": "PUBLISHED", "dateUpdated": "2026-03-20T17:09:01.453Z", "dateReserved": "2026-02-25T20:42:49.228Z", "assignerOrgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "datePublished": "2026-03-19T20:59:54.021Z", "assignerShortName": "wolfSSL"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "DA3FA1CB-CEDC-4D49-9ECD-99BBF1602312", "versionEndExcluding": "5.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required key_share extension, resulting in derivation of predictable traffic secrets from (EC)DHE shared secret. This issue does not affect the client's authentication of the server during TLS handshakes."}, {"lang": "es", "value": "Falta un paso criptogr\u00e1fico requerido en la l\u00f3gica de handshake HelloRetryRequest del cliente TLS 1.3 en wolfSSL podr\u00eda llevar a un compromiso en la confidencialidad de las comunicaciones protegidas por TLS a trav\u00e9s de un HelloRetryRequest manipulado seguido de un mensaje ServerHello que omite la extensi\u00f3n key_share requerida, resultando en la derivaci\u00f3n de secretos de tr\u00e1fico predecibles a partir del secreto compartido (EC)DHE. Este problema no afecta la autenticaci\u00f3n del cliente del servidor durante los handshakes TLS."}], "id": "CVE-2026-3230", "lastModified": "2026-03-26T18:33:37.110", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "AUTOMATIC", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 1.2, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "CLEAR", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:D/RE:X/U:Clear", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "facts@wolfssl.com", "type": "Secondary"}]}, "published": "2026-03-19T21:17:12.483", "references": [{"source": "facts@wolfssl.com", "tags": ["Patch", "Issue Tracking"], "url": "https://github.com/wolfSSL/wolfssl/pull/9754"}], "sourceIdentifier": "facts@wolfssl.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "facts@wolfssl.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,5.9.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "wolfSSL", "source": "cna", "vendor": "wolfSSL"}, "product": "wolfssl", "vendor": "wolfssl"}], "analysis": {"en": {"generated_at": "2026-03-26T20:29:28.941712+00:00", "value": {"mitigation_remediation": ["Update wolfSSL to a version that includes the fix from PR\u00a09754 and any associated security patches", "Validate that the updated library correctly rejects ServerHello messages missing the key_share extension during TLS\u00a01.3 handshakes", "Monitor TLS handshake logs for unusual HelloRetryRequest or missing key_share patterns and configure alerts if detected", "If a patch cannot be applied immediately, restrict the affected systems to trusted networks and consider disabling exposure to untrusted clients until remediation"], "summary": {"action": "Patch immediately", "impact": "Confidentiality compromise"}, "threat_synthesis": {"affected_systems": "This issue affects the wolfSSL library in all releases that implement the described TLS\u00a01.3 handshake behavior before the patch. No specific version numbers are listed in the CNA data, but every build using the affected HelloRetryRequest logic is potentially vulnerable.", "description_and_impact": "The vulnerability in wolfSSL arises from an improper validation of the key_share extension during the TLS\u00a01.3 HelloRetryRequest handshake. The flaw, a classic input validation failure (CWE-20), allows an attacker to send a crafted HelloRetryRequest followed by a ServerHello that omits the required key_share. Because the client mistakenly derives predictable traffic secrets from the shared key, the confidentiality of all encrypted data in that TLS session is compromised, though the server\u2019s authentication remains unaffected.", "risk_and_exploitability": "The CVSS score of 1.2 classifies the flaw as low severity, and the EPSS score of less than 1% indicates a low likelihood of exploitation. The vulnerability is not currently tracked in the CISA KEV catalog. Exploitation requires an attacker who can observe or influence a TLS handshake to inject the malformed sequence, making practical exploitation challenging. Nevertheless, the confidentiality loss warrants prompt remediation."}}}}, "created": "2026-03-20T08:56:04.699926+00:00", "updated": "2026-03-27T09:21:38.739594+00:00", "vendors": ["wolfssl", "wolfssl$PRODUCT$wolfssl"]}