{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3230", "assignerOrgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "state": "PUBLISHED", "assignerShortName": "wolfSSL", "dateReserved": "2026-02-25T20:42:49.228Z", "datePublished": "2026-03-19T20:59:54.021Z", "dateUpdated": "2026-03-20T17:09:01.453Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "shortName": "wolfSSL", "dateUpdated": "2026-03-19T20:59:54.021Z"}, "title": "Improper key_share validation in TLS 1.3 HelloRetryRequest", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation Improper Input Validation", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-220", "descriptions": [{"lang": "en", "value": "CAPEC-220 Client-Server Protocol Manipulation"}]}], "affected": [{"vendor": "wolfSSL", "product": "wolfSSL", "collectionURL": "https://github.com/wolfSSL/wolfssl", "packageName": "wolfSSL", "repo": "https://github.com/wolfSSL/wolfssl", "modules": ["wolfSSL"], "programFiles": ["tls.c", "tls13.c"], "versions": [{"status": "affected", "version": "0", "lessThan": "5.9.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required key_share extension, resulting in derivation of predictable traffic secrets from (EC)DHE shared secret. This issue does not affect the client's authentication of the server during TLS handshakes.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required key_share extension, resulting in derivation of predictable traffic secrets from (EC)DHE shared secret. This issue does <b>not </b>affect the client's authentication of the server during TLS handshakes.</p>"}]}], "references": [{"url": "https://github.com/wolfSSL/wolfssl/pull/9754"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "Safety": "NOT_DEFINED", "Automatable": "YES", "Recovery": "AUTOMATIC", "valueDensity": "DIFFUSE", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "CLEAR", "version": "4.0", "baseSeverity": "LOW", "baseScore": 1.2, "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/AU:Y/R:A/V:D/U:Clear"}}], "credits": [{"lang": "en", "value": "Jaehun Lee, Pohang University of Science and Technology (POSTECH)", "type": "finder"}, {"lang": "en", "value": "Kyungmin Bae, Pohang University of Science and Technology (POSTECH)", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-20T17:08:54.344097Z", "id": "CVE-2026-3230", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T17:09:01.453Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3230", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-20T17:08:54.344097Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T17:08:58.312Z"}}], "cna": {"title": "Improper key_share validation in TLS 1.3 HelloRetryRequest", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Jaehun Lee, Pohang University of Science and Technology (POSTECH)"}, {"lang": "en", "type": "coordinator", "value": "Kyungmin Bae, Pohang University of Science and Technology (POSTECH)"}], "impacts": [{"capecId": "CAPEC-220", "descriptions": [{"lang": "en", "value": "CAPEC-220 Client-Server Protocol Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "AUTOMATIC", "baseScore": 1.2, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "LOW", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/AU:Y/R:A/V:D/U:Clear", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "CLEAR", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/wolfSSL/wolfssl", "vendor": "wolfSSL", "modules": ["wolfSSL"], "product": "wolfSSL", "versions": [{"status": "affected", "version": "0", "lessThan": "5.9.0", "versionType": "semver"}], "packageName": "wolfSSL", "programFiles": ["tls.c", "tls13.c"], "collectionURL": "https://github.com/wolfSSL/wolfssl", "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/wolfSSL/wolfssl/pull/9754"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required key_share extension, resulting in derivation of predictable traffic secrets from (EC)DHE shared secret. This issue does not affect the client's authentication of the server during TLS handshakes.", "supportingMedia": [{"type": "text/html", "value": "<p>Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required key_share extension, resulting in derivation of predictable traffic secrets from (EC)DHE shared secret. This issue does <b>not </b>affect the client's authentication of the server during TLS handshakes.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation Improper Input Validation"}]}], "providerMetadata": {"orgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "shortName": "wolfSSL", "dateUpdated": "2026-03-19T20:59:54.021Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3230", "state": "PUBLISHED", "dateUpdated": "2026-03-20T17:09:01.453Z", "dateReserved": "2026-02-25T20:42:49.228Z", "assignerOrgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "datePublished": "2026-03-19T20:59:54.021Z", "assignerShortName": "wolfSSL"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "DA3FA1CB-CEDC-4D49-9ECD-99BBF1602312", "versionEndExcluding": "5.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required key_share extension, resulting in derivation of predictable traffic secrets from (EC)DHE shared secret. This issue does not affect the client's authentication of the server during TLS handshakes."}, {"lang": "es", "value": "Falta un paso criptogr\u00e1fico requerido en la l\u00f3gica de handshake HelloRetryRequest del cliente TLS 1.3 en wolfSSL podr\u00eda llevar a un compromiso en la confidencialidad de las comunicaciones protegidas por TLS a trav\u00e9s de un HelloRetryRequest manipulado seguido de un mensaje ServerHello que omite la extensi\u00f3n key_share requerida, resultando en la derivaci\u00f3n de secretos de tr\u00e1fico predecibles a partir del secreto compartido (EC)DHE. Este problema no afecta la autenticaci\u00f3n del cliente del servidor durante los handshakes TLS."}], "id": "CVE-2026-3230", "lastModified": "2026-03-26T18:33:37.110", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "AUTOMATIC", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 1.2, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "CLEAR", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:D/RE:X/U:Clear", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "facts@wolfssl.com", "type": "Secondary"}]}, "published": "2026-03-19T21:17:12.483", "references": [{"source": "facts@wolfssl.com", "tags": ["Patch", "Issue Tracking"], "url": "https://github.com/wolfSSL/wolfssl/pull/9754"}], "sourceIdentifier": "facts@wolfssl.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "facts@wolfssl.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,5.9.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "wolfSSL", "source": "cna", "vendor": "wolfSSL"}, "product": "wolfssl", "vendor": "wolfssl"}], "analysis": {"en": {"generated_at": "2026-03-19T22:25:41.912136+00:00", "value": {"mitigation_remediation": ["Upgrade to a wolfSSL release that incorporates the fix referenced in GitHub pull request\u202f9754 or the corresponding upstream commit. Verify that TLS\u202f1.3 HelloRetryRequest processing now requires validation of the key_share extension before deriving traffic secrets."], "summary": {"action": "Immediate Patch", "impact": "Confidentiality Compromise (TLS)"}, "threat_synthesis": {"affected_systems": "The affected product is wolfSSL. No specific version ranges are listed in the CNA data, but the issue is present in any build of wolfSSL that incorporates the vulnerable HelloRetryRequest handling code before the fix referenced in the pull\u2011request. Users should inspect their installed wolfSSL version against the upstream changelog or the pull request for confirmation.", "description_and_impact": "The vulnerability arises from an omission of a required cryptographic step in the TLS\u202f1.3 client\u2019s processing of a HelloRetryRequest. A crafted HelloRetryRequest followed by a ServerHello that omits the key_share extension allows the client to derive predictable traffic secrets from the (EC)DH shared secret, thereby compromising the confidentiality of TLS\u2011protected communications. The flaw is a classic input\u2011validation error (CWE\u201120) and does not affect the client\u2019s authentication of the server.", "risk_and_exploitability": "The CVSS score is 1.2, indicating low severity, and the EPSS score is not available. The vulnerability is not listed in the CISA KEV catalog. Exploitation would require an attacker to act as a TLS server capable of sending a custom HelloRetryRequest; thus the attack vector is network\u2011based and relies on the client\u2019s willingness to accept the TLS handshake. Because the flaw does not affect server authentication, it is unlikely to be a high\u2011priority exploit vector in most deployments."}}}}, "created": "2026-03-20T08:56:04.699926+00:00", "updated": "2026-03-20T11:06:14.412774+00:00", "vendors": ["wolfssl", "wolfssl$PRODUCT$wolfssl"]}