CVE-2026-6092
MEDIUMDescription
When HAVE_ENCRYPT_THEN_MAC is configured, the implementation could fall back to MAC-then-Encrypt rather than enforcing Encrypt-then-MAC.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| wolfssl | wolfssl |
References
Frequently Asked Questions
What is CVE-2026-6092? +
How severe is CVE-2026-6092? +
What products are affected by CVE-2026-6092? +
How do I check if I'm vulnerable to CVE-2026-6092? +
Related Vulnerabilities
SIMPLE.ERP client is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted …
When SmartStart Inclusion fails during the onboarding of a Z-Wave PIR sensor, the sensor will join the network as a …
pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently downgraded from …
Wapro ERP Desktop is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an …
An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS …
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to …