Missing Hash Size and OID Checks in wolfSSL's ECDSA Verification
CVE-2026-5194

9.3CRITICAL

Key Information:

Vendor

Wolfssl

Status
Wolfssl
Vendor
CVE Published:
9 April 2026

Badges

πŸ₯‡ Trended No. 1πŸ“ˆ TrendedπŸ“ˆ Score: 9,670πŸ‘Ύ Exploit ExistsπŸ“° News Worthy

What is CVE-2026-5194?

CVE-2026-5194 is a vulnerability affecting the wolfSSL library, a widely-used embedded SSL/TLS library designed for secure communication in various applications. This particular flaw arises from missing hash size and Object Identifier (OID) checks within the library's ECDSA (Elliptic Curve Digital Signature Algorithm) verification process. As a result, it allows digital signatures with hash sizes that are smaller than the expected limits to be accepted. This undermines the security integrity of ECDSA certificate-based authentication systems, especially when the public Certificate Authority (CA) key is known. The vulnerability presents a critical risk as it could potentially lead to successful impersonations or unauthorized access, which can severely impact organizations relying on the wolfSSL library for secure communications.

Potential impact of CVE-2026-5194

  1. Compromised Authentication Mechanisms: The lack of proper checks can enable attackers to present fraudulent digital signatures, potentially allowing unauthorized access to systems that depend on ECDSA for authentication. This can lead to a breakdown in trust and security validation.

  2. Increased Risk of Man-in-the-Middle Attacks: With the ability to bypass certain security checks, adversaries could exploit this vulnerability to intercept communications, impersonate legitimate parties, or alter transmitted data, leading to significant data breaches or loss of confidentiality.

  3. Exploitation in Targeted Attacks: Although there are no known exploitations in the wild at this time, the nature of the vulnerability suggests that if exploited, it could serve as a foothold for advanced persistent threat actors, opening doors to further attacks, including data exfiltration or lateral movement within a network.

Affected Version(s)

wolfSSL 3.12.0 < 5.9.1

News Articles

favicon imageIt Security News

wolfSSL Vulnerability Hits IoT, Routers and Military Systems, Update to 5.9.1 Now - IT Security News

Critical wolfSSL flaw CVE-2026-5194 allows digital ID forgery across billions of devices, update to version 5.9.1 to fix the issue and reduce risk. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the…Read more β†’

favicon imageHackread

wolfSSL Vulnerability Hits IoT, Routers and Military Systems, Update to 5.9.1 Now

Critical wolfSSL flaw CVE-2026-5194 allows digital ID forgery across billions of devices, update to version 5.9.1 to fix the issue and reduce risk.

favicon imageBleepingComputer

Critical flaw in wolfSSL library enables forged certificate use

A critical vulnerability in the wolfSSL SSL/TLS library can weaken security via improper verification of the hash algorithm or its size when checking Elliptic Curve Digital Signature Algorithm (ECDSA) signatures.

References

https://github.com/wolfSSL/wolfssl/pull/10131
patch

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • πŸ₯‡

    Vulnerability reached the number 1 worldwide trending spot

  • πŸ“ˆ

    Vulnerability started trending

  • πŸ‘Ύ

    Exploit known to exist

  • πŸ“°

    First article discovered by BleepingComputer

  • Vulnerability published

  • Vulnerability Reserved

Credit

Nicholas Carlini from Anthropic
.