CVE-2026-5194

CRITICAL

wolfSSL ECDSA Certificate Verification

Title source: cna

Description

Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature verification functions. This could lead to reduced security of ECDSA certificate-based authentication if the public CA key used is also known. This affects ECDSA/ECC verification when EdDSA or ML-DSA is also enabled.

Exploits (1)

nomisec SUSPICIOUS

by jenniferreire26 · poc

https://github.com/jenniferreire26/CVE-2026-5194

View Code ZIP pw:eip

References (1)

[Patch] https://github.com/wolfSSL/wolfssl/pull/10131

Scores

CVSS v3 9.1

EPSS 0.0004

EPSS Percentile 12.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE

CWE-295

Status published

Products (2)

wolfSSL/wolfSSL 3.12.0 - 5.9.1

wolfssl/wolfssl 3.12.0 - 5.9.1

Published Apr 09, 2026

Tracked Since Apr 10, 2026