CVE-2026-5446

CVE-2026-5446 affects the wolfSSL cryptographic library, specifically ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2. The vulnerability stems from reusing an identical 12-byte GCM nonce for every application-data record, as wc_AriaEncrypt is stateless and passes the caller-supplied IV verbatim to the proprietary MagicCrypto SDK without an internal counter. The explicit IV is zero-initialized at session setup and never incremented in non-FIPS builds. This issue is limited to wolfSSL builds configured with the non-default --enable-aria option and the MagicCrypto SDK, an opt-in setup required for Korean regulatory deployments. AES-GCM cipher suites are unaffected, as wc_AesGcmEncrypt_ex maintains an independent internal invocation counter.

Attackers positioned to observe encrypted TLS 1.2 or DTLS 1.2 traffic using vulnerable ARIA-GCM cipher suites could exploit the nonce reuse, associated with CWE-323 (Reused Initialization Vector), to potentially decrypt application data or forge records. Exploitation requires the target to be using the specific non-default wolfSSL configuration with MagicCrypto SDK.

Mitigation is provided through a patch in the wolfSSL GitHub pull request at https://github.com/wolfSSL/wolfssl/pull/10111. Security practitioners should update affected wolfSSL builds and avoid the --enable-aria configuration with MagicCrypto SDK unless required for regulatory compliance.