CVE-2026-3503 identifies a protection mechanism failure in the wolfCrypt cryptographic library component of wolfSSL, specifically in its post-quantum cryptographic implementations ML-KEM (Key Encapsulation Mechanism) and ML-DSA (Digital Signature Algorithm). The vulnerability arises from incorrect handling of seeds in the pseudo-random number generator (PRNG) on ARM Cortex-M microcontrollers. The PRNG relies on Keccak-based expansion, and transient faults induced physically by an attacker can corrupt or redirect seed or pointer values during this process. Such corruption undermines the randomness quality and can lead to leakage or compromise of key material and cryptographic outcomes. This fault injection attack requires physical proximity and sophisticated fault induction techniques, making exploitation complex. The vulnerability affects wolfSSL version 5.8.2, as identified by the commit hash d86575c766e6e67ef93545fa69c04d6eb49400c6. The issue is classified under CWE-335, which relates to incorrect usage of seeds in PRNGs, a critical aspect in cryptographic security. The CVSS v4.0 base score is 4.3, reflecting medium severity due to the attack vector being physical with high complexity and partial impact on confidentiality and integrity. No patches have been explicitly linked, and no known exploits are reported in the wild at this time.

The primary impact of this vulnerability is the potential compromise of cryptographic key material and the integrity of cryptographic operations in devices using wolfSSL's wolfCrypt on ARM Cortex-M microcontrollers. This can lead to unauthorized decryption, signature forgery, or other cryptographic failures, undermining the security guarantees of systems relying on these post-quantum algorithms. Since ARM Cortex-M microcontrollers are widely used in embedded systems, IoT devices, industrial control systems, and security-sensitive applications, the vulnerability could affect a broad range of devices globally. The requirement for physical access and high attack complexity limits the scope of exploitation but does not eliminate risk in high-value targets or environments where attackers can gain proximity. The confidentiality and integrity of sensitive data and communications could be compromised, potentially leading to data breaches, unauthorized control, or disruption of secure communications. Availability is not impacted. Organizations deploying wolfSSL in critical infrastructure, medical devices, automotive systems, or government applications may face significant risks if unmitigated.

Given the absence of a publicly available patch, organizations should implement multiple layers of mitigation. First, restrict physical access to devices running vulnerable wolfSSL versions on ARM Cortex-M microcontrollers to prevent fault injection attacks. Employ hardware-based tamper detection and response mechanisms to detect and mitigate transient fault attempts. Use side-channel and fault attack resistant hardware designs where possible. Monitor device behavior for anomalies indicative of fault injection. Where feasible, upgrade to newer wolfSSL versions once patches addressing this vulnerability are released. In the interim, consider disabling or replacing the affected post-quantum cryptographic algorithms (ML-KEM and ML-DSA) with alternatives not vulnerable to this issue. Conduct thorough security assessments of embedded devices to identify wolfSSL usage and assess exposure. Implement cryptographic key management best practices, including frequent key rotation and secure storage, to limit the impact of potential key compromise. Collaborate with wolfSSL support for guidance and updates. Finally, maintain physical security policies and employee training to reduce insider threats and unauthorized device access.