A critical vulnerability in the wolfSSL SSL/TLS library, tracked as CVE-2026-5194, can weaken security by improperly verifying the hash algorithm or its size when checking Elliptic Curve Digital Signature Algorithm (ECDSA) signatures. Researchers warn that an attacker could exploit this issue to force a target device or application to accept forged certificates for malicious servers or connections, as reported by Bleeping Computer.The vulnerability, discovered by Nicholas Carlini, is a cryptographic validation flaw affecting multiple signature algorithms in wolfSSL, including ECDSA/ECC, DSA, ML-DSA, Ed25519, and Ed448. An attacker can exploit this by supplying a forged certificate with a smaller digest than cryptographically appropriate, allowing the system to accept a signature that is easier to falsify. This could lead to reduced security of ECDSA certificate-based authentication. wolfSSL is a lightweight TLS/SSL implementation used in over 5 billion applications and devices worldwide, including embedded systems, IoT devices, and industrial control systems. The issue was addressed in wolfSSL version 5.9.1, released on April 8.Organizations using wolfSSL are advised to promptly apply security updates to ensure certificate validation remains secure. System administrators managing environments that rely on Linux distribution packages or vendor firmware should seek downstream vendor advisories, as exploitation may depend on specific deployment conditions.Source: Bleeping Computer
Encryption, Application security, Vulnerability Management, Patch/Configuration Management

Critical wolfSSL vulnerability allows forged certificates

(Adobe Stock)

Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



