GoKawiilA critical vulnerability in the wolfSSL SSL/TLS library can weaken security via improper verification of the hash algorithm or its size when checking Elliptic Curve Digital Signature Algorithm (ECDSA) signatures.
Researchers warn that an attacker could exploit the issue to force a target device or application to accept forged certificates for malicious servers or connections.
wolfSSL is a lightweight TLS/SSL implementation written in C, designed for embedded systems, IoT devices, industrial control systems, routers, appliances, sensors, automotive systems, and even aerospace or military equipment.
According to the project’s website, wolfSSL is used in more than 5 billion applications and devices worldwide.
The vulnerability, discovered by Nicholas Carlini of Anthropic and tracked as CVE-2026-5194, is a cryptographic validation flaw that affects multiple signature algorithms in wolfSSL, allowing improperly weak digests to be accepted during certificate verification.
The issue impacts multiple algorithms, including ECDSA/ECC, DSA, ML-DSA, Ed25519, and Ed448. For builds that have both ECC and EdDSA or ML-DSA active, it is recommended to upgrade to the latest wolfSSL release.
CVE-2026-5194 was addressed in wolfSSL version 5.9.1, released on April 8.
“Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature verification functions,” reads the security advisory.
“This could lead to reduced security of ECDSA certificate-based authentication if the public CA [certificate authority] key used is also known.”
According to Lukasz Olejnik, independent security researcher and consultant, exploiting CVE-2026-5194 could trick applications or devices using a vulnerable wolfSSL version to "accept a forged digital identity as genuine, trusting a malicious server, file, or connection it should have rejected."
... continue reading