Critical flaw in wolfSSL library enables forged certificate use
Critical wolfSSL cryptographic validation flaw allows forged certificate acceptance via weak ECDSA signatures.
Summary
A critical vulnerability (CVE-2026-5194) in the wolfSSL SSL/TLS library allows attackers to forge certificates by exploiting improper verification of hash algorithms and digest sizes in ECDSA signature checking. The flaw affects multiple signature algorithms and impacts billions of embedded devices, IoT systems, and industrial control systems worldwide. wolfSSL patched the issue in version 5.9.1 released April 8, 2026.
Full text
Critical flaw in wolfSSL library enables forged certificate use By Bill Toulas April 13, 2026 03:56 PM 0 A critical vulnerability in the wolfSSL SSL/TLS library can weaken security via improper verification of the hash algorithm or its size when checking Elliptic Curve Digital Signature Algorithm (ECDSA) signatures. Researchers warn that an attacker could exploit the issue to force a target device or application to accept forged certificates for malicious servers or connections. wolfSSL is a lightweight TLS/SSL implementation written in C, designed for embedded systems, IoT devices, industrial control systems, routers, appliances, sensors, automotive systems, and even aerospace or military equipment. According to the project’s website, wolfSSL is used in more than 5 billion applications and devices worldwide. The vulnerability, discovered by Nicholas Carlini of Anthropic and tracked as CVE-2026-5194, is a cryptographic validation flaw that affects multiple signature algorithms in wolfSSL, allowing improperly weak digests to be accepted during certificate verification. The issue impacts multiple algorithms, including ECDSA/ECC, DSA, ML-DSA, Ed25519, and Ed448. For builds that have both ECC and EdDSA or ML-DSA active, it is recommended to upgrade to the latest wolfSSL release. CVE-2026-5194 was addressed in wolfSSL version 5.9.1, released on April 8. “Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature verification functions,” reads the security advisory. “This could lead to reduced security of ECDSA certificate-based authentication if the public CA [certificate authority] key used is also known.” According to Lukasz Olejnik, independent security researcher and consultant, exploiting CVE-2026-5194 could trick applications or devices using a vulnerable wolfSSL version to "accept a forged digital identity as genuine, trusting a malicious server, file, or connection it should have rejected." An attacker can exploit this weakness by supplying a forged certificate with a smaller digest than cryptographically appropriate, so the system accepts a signature that is easier to falsify or reproduce. While the vulnerability impacts the core signature verification routine, there may be prerequisites and deployment-specific conditions that might limit exploitation. System administrators managing environments that do not use upstream wolfSSL releases but instead rely on Linux distribution packages, vendor firmware, and embedded SDKs should seek downstream vendor advisories for better clarity. For example, Red Hat’s advisory, which assigns the flaw a maximum severity rating, states that MariaDB is not affected because it uses OpenSSL rather than wolfSSL for cryptographic operations. Organizations using wolfSSL are advised to review their deployments and apply the security updates promptly to ensure certificate validation remains secure. Automated Pentesting Covers Only 1 of 6 Surfaces. Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the other.This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic questions for any tool evaluation. Get Your Copy Now Related Articles: ConnectWise patches new flaw allowing ScreenConnect hijackingAdobe rolls out emergency fix for Acrobat, Reader zero-day flawCritical Marimo pre-auth RCE flaw now under active exploitationAnalysis of one billion CISA KEV remediation records exposes limits of human-scale securityIvanti EPMM flaw exploited by Chinese hackers to breach govt agencies
Indicators of Compromise
- cve — CVE-2026-5194