CRITICALVulnerability
Verified
Global
NVD CRITICAL: CVE-2026-6094 — Heap buffer overread in wc_PKCS7_DecodeEnvelopedData when parsing crafted PKCS7 ...
·Source: NIST NVD
Updated:
Executive Summary
Heap buffer overread in wc_PKCS7_DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS.
Analysis
Heap buffer overread in wc_PKCS7_DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS. CVSS Score: 9.1. Published: 2026-06-25T18:16:41.567.