CVE-2026-6094
CRITICALHeap buffer overread in wc_PKCS7_DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS.
Published: 6/25/2026Modified: 6/26/2026