CVE-2026-5194
Last modified
CVE-2026-5194 is a critical-severity vulnerability rated 9.3/10 on the CVSS scale. Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature verification functions. This could lead to reduced security of ECDSA certificate-based authentication if the public CA key used is also known. EPSS estimates a 0.47% chance of exploitation in the next 30 days.
Description
Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature verification functions. This could lead to reduced security of ECDSA certificate-based authentication if the public CA key used is also known. This affects ECDSA/ECC verification when EdDSA or ML-DSA is also enabled.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:H/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Wolfssl | Wolfssl | >= 3.12.0, < 5.9.1 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2026-5194?
How severe is CVE-2026-5194?
How do I fix CVE-2026-5194?
Are you affected by CVE-2026-5194?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST