CVE-2026-5194

Critical

Published: 09 April 2026

Published

09 April 2026

Modified

16 April 2026

KEV Added

—

Patch

—

CVSS Score 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS Score 0.0003 9.2th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature verification functions. This could lead to reduced security of ECDSA…

certificate-based authentication if the public CA key used is also known. This affects ECDSA/ECC verification when EdDSA or ML-DSA is also enabled.

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly mitigates the vulnerability by requiring timely remediation of the specific flaw in wolfSSL's ECDSA signature verification through patching.

SC-17 Public Key Infrastructure Certificates good match

prevent

Requires establishment and validation of PKI certificates, directly addressing weaknesses in ECDSA certificate signature verification.

SC-13 Cryptographic Protection partial match

prevent

Mandates secure implementation of cryptographic operations, including proper signature verification to prevent acceptance of invalid digests.

Security SummaryAI

CVE-2026-5194 is a vulnerability in the wolfSSL cryptographic library stemming from missing hash/digest size and OID checks in ECDSA signature verification functions. These omissions allow digests smaller than permitted or appropriate for the relevant key type to be accepted during ECDSA certificate verification. The flaw reduces the security of ECDSA certificate-based authentication if the public CA key is known and specifically affects ECDSA/ECC verification when EdDSA or ML-DSA is also enabled. It is classified under CWE-295 with a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).

Remote attackers require no privileges or user interaction to exploit this over the network with low complexity. Exploitation weakens ECDSA signature validation, potentially enabling attackers to bypass authentication mechanisms in affected systems using wolfSSL for certificate verification, leading to high impacts on confidentiality and integrity.

A pull request addressing the issue is available at https://github.com/wolfSSL/wolfssl/pull/10131, which security practitioners should review and apply to mitigate the vulnerability.

Details

CWE(s): CWE-295

Affected Products

wolfssl

3.12.0 — 5.9.1

AI Security AnalysisAI

AI Category: Machine Learning Libraries
Risk Domain: N/A
OWASP Top 10 for LLMs 2025: None mapped
MITRE ATLAS Techniques: None mapped
Classification Reason: Matched keywords: ml

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

The vulnerability enables remote network exploitation (AV:N) with no privileges or user interaction to bypass ECDSA certificate-based authentication due to missing digest/OID checks in wolfSSL, directly facilitating initial access via exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

References

https://github.com/wolfSSL/wolfssl/pull/10131
Issue Tracking · facts@wolfssl.com