wolfSSL Vulnerability Hits IoT, Routers and Military Systems, Update to 5.9.1 Now

Summary

A critical vulnerability (CVE-2026-5194) in wolfSSL, a cryptographic library used by approximately 5 billion IoT, router, and military devices, allows attackers to forge digital certificates by bypassing digest and OID verification checks. The flaw affects multiple signature algorithms including ECDSA, DSA, ML-DSA, ED25519, and ED448, and was patched in version 5.9.1 released April 8, 2026. The widespread use of wolfSSL across supply chains creates a major risk, particularly for legacy devices that may never receive updates.

Full text

Security TechnologywolfSSL Vulnerability Hits IoT, Routers and Military Systems, Update to 5.9.1 Now Critical wolfSSL flaw CVE-2026-5194 allows digital ID forgery across billions of devices, update to version 5.9.1 to fix the issue and reduce risk. byDeeba AhmedApril 14, 20262 minute read A major vulnerability (CVE-2026-5194) has been found in the wolfSSL library, impacting 5 billion devices, including routers, IoT gadgets, and military systems. Learn how this flaw allows hackers to forge digital IDs and why you should update to version 5.9.1 immediately. A security vulnerability has been found in the wolfSSL library, a set of code used to encrypt data for about 5 billion devices and apps. Manufacturers use this tool to make sure that data moving between computers, routers, and even military systems stays private. Given its use in smart home sensors, games, and industrial tools, the exposure is considerable. How the vulnerability works The issue, tracked as CVE-2026-5194, is a flaw in how the library handles certificate-based authentication. This is a process where a device checks a digital ID to ensure a connection is safe. Nicholas Carlini, a researcher from Anthropic’s Frontier Red Team, noted that wolfSSL was failing to verify the size of the digest, which is like a digital fingerprint, and was not checking the OID. The OID is a label that shows which math formula was used to sign the ID. Missing these checks can allow hackers to forge these IDs and trick a device into trusting a fake server or a malicious file. According to the official security advisory, these missing checks allow digests smaller than allowed by FIPS 186-4 or 186-5 to be accepted by signature verification functions. This weakness reduces the security of the authentication process and affects multiple signature algorithms, including ECDSA/ECC, DSA, ML-DSA, ED25519, and ED448. It is particularly dangerous for software builds that have both ECC and EdDSA or ML-DSA enabled during certificate verification. Red Hat gave the bug a severity score of 10 out of 10 because it doesn’t require a user to click on anything, whereas it received a 9.3 rating in the National Vulnerability Database. The discovery Nicholas Carlini first reported the flaw to the developers after using an AI-based scanning tool from Anthropic, known as Claude Mythos Preview (part of Project Glasswing. The library is used in a massive variety of industries, including the smart grid, car manufacturing, and aviation. While it is smaller than OpenSSL, which runs most of the web, wolfSSL is the go-to choice for smaller Internet of Things (IoT) gadgets. Updating your devices The vulnerability was patched by wolfSSL in version 5.9.1, released on 8 April 2026. The company has now made hash and digest size checks much stricter. But this issue may still not be fully resolved even though a patch is available. The main worry now is for older devices that are no longer supported by their makers. Many routers, home appliances, or other older gadgets might never get an update, leaving them open to threat actors. Nevertheless, if you use a VPN or have smart home gadgets, install any available firmware updates to keep your hardware safe. William Wright, CEO of Closed Door Security, shared the following comments with Hackread.com regarding this vulnerability, warning that wolfSSL’s widespread use turns this vulnerability into a major supply chain issue, as organisations often struggle to identify and patch all affected devices, especially unmonitored or outdated systems, which attackers frequently target. Deeba Ahmed Deeba is a veteran cybersecurity reporter at Hackread.com with over a decade of experience covering cybercrime, vulnerabilities, and security events. Her expertise and in-depth analysis make her a key contributor to the platform’s trusted coverage. View Posts CybersecurityIoTTechnologyVulnerabilitywolfSSL Leave a Reply Cancel reply View Comments (0) Related Posts Read More Cyber Crime Security Chinese Vigorish Viper Exploits DNS and Football Sponsorships for Illegal Gambling Unmasking Vigorish Viper: The Elusive Cybercrime Network Behind Illegal Gambling. Learn how this sophisticated group uses clever DNS… byDeeba Ahmed Malware Security New Russian Android Malware Tracks GPS Location and Spies on Victims The culprit behind this malware is Turla, a Russia State-Sponsored group known for previous high-profile malware attacks against… byWaqas Read More Security CISA Urges Emergency Patching for Actively Exploited HPE OneView Flaw CISA adds a critical HPE OneView flaw (CVE-2025-37164) to its KEV catalogue with a Jan 28 deadline. Learn how this 10.0 RCE bug puts server infrastructure at risk. byDeeba Ahmed Security Vulnerability allowed hackers to tamper medication in infusion pump Braun Patched Faulty IV Pump After McAfee Discovered Vulnerability Allowing Medication Tampering. byDeeba Ahmed

Indicators of Compromise

• cve — CVE-2026-5194

Entities