CVE-2026-5194 CRITICAL

CVE-2026-5194: wolfSSL ECDSA Certificate Verification

Vendor Wolfssl
Product wolfSSL
Weakness CWE-295
Published April 9, 2026
Last update May 23, 2026

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:H/SI:L/SA:L/U:Red

What the vulnerability does

01Description

Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature verification functions. This could lead to reduced security of ECDSA certificate-based authentication if the public CA key used is also known. This affects ECDSA/ECC verification when EdDSA or ML-DSA is also enabled.

Key dates

02Disclosure timeline

April 9, 2026 CVE published
May 23, 2026 Record updated