CRITICALVulnerability
Verified
Global

NVD CRITICAL: CVE-2026-6094 — Heap buffer overread in wc_PKCS7_DecodeEnvelopedData when parsing crafted PKCS7 ...

·Source: NIST NVD

Updated:

Executive Summary

Heap buffer overread in wc_PKCS7_DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS.

Analysis

Heap buffer overread in wc_PKCS7_DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS. CVSS Score: 9.1. Published: 2026-06-25T18:16:41.567.

Indicators of Compromise (1)

CVE (1)
CVE-2026-6094
Source Attribution

Originally published by NIST NVD on Jun 25, 2026. Verified by: NIST.

Related Threats