PT-2026-31721 · Wolfssl · Wolfssl

Nicholas Carlini · Published 2026-04-07 · Updated 2026-05-26 · CVE-2026-5194

CVSS v2.0: 9.4 Critical
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions: wolfSSL versions prior to 5.9.1
Description: Missing hash/digest size and Object Identifier (OID) checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than appropriate for the relevant key type, to be accepted by signature verification functions. This flaw enables the acceptance of forged digital identities, potentially allowing a malicious server, file, or connection to be trusted. The issue affects ECDSA/ECC verification when EdDSA or ML-DSA is also enabled, specifically impacting the library's handling of signatures in ECDSA, DSA, ML-DSA, Ed25519, and Ed448. It is estimated that over 5 billion devices worldwide are potentially affected, including embedded systems, IoT devices, routers, automotive systems, power grid infrastructure, and military systems.
Recommendations: Update to version 5.9.1.

Fix

Weakness Enumeration: Improper Certificate Validation

Related Identifiers

BDU:2026-05269
CVE-2026-5194

Affected Products

Wolfssl