Use of the wolfSSL Vulnerability Report Template is mandatory. All security reports must use SECURITY-REPORT-TEMPLATE.md, with every required field completed. Reports that do not use the template, or that leave required fields incomplete, will not receive CVE consideration.
Submit the completed template to support@wolfssl.com.
Non-template submissions may still be reviewed on the merits and, where appropriate, addressed as hardening fixes in a future release.
Please keep the vulnerability private until a fix has been released.
For the full policy — severity rubric, coordinated-disclosure practice, and reporter credit — see SECURITY-POLICY.md.