Critical vulnerability CVE-2026-5194 in wolfSSL's ECDSA certificate validation allows attackers to accept forged certificates using improperly weak digests, affecting IoT, embedded systems, and industrial equipment. Patched in wolfSSL v5.9.1.
A critical vulnerability in the wolfSSL SSL/TLS library can weaken security via improper verification of the hash algorithm or its size when checking Elliptic Curve Digital Signature Algorithm (ECDSA) signatures. Researchers warn that an attacker could exploit the issue to force a target device or application to accept forged certificates for malicious servers or connections. wolfSSL is a lightweight TLS/SSL implementation written in C, designed for embedded systems,
IoT Devices
,
Industrial Control Systems
, routers, appliances, sensors,
Automotive Systems
, and even
Aerospace
or
Military Equipment
. According to the project’s website, wolfSSL is used in more than 5 billion applications and devices worldwide. The vulnerability, discovered by Nicholas Carlini of Anthropic and tracked as
CVE-2026-5194
, is a cryptographic validation flaw that affects multiple signature algorithms in wolfSSL, allowing improperly weak digests to be accepted during certificate verification. The issue impacts multiple algorithms, including ECDSA/ECC, DSA, ML-DSA, Ed25519, and Ed448. For builds that have both ECC and EdDSA or ML-DSA active, it is recommended to upgrade to the latest wolfSSL release.
CVE-2026-5194
was addressed in wolfSSL version 5.9.1 , released on April 8. “Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature verification functions,” reads the security advisory .
“This could lead to reduced security of ECDSA certificate-based authentication if the public CA [certificate authority] key used is also known.” According to Lukasz Olejnik , independent security researcher and consultant, exploiting
CVE-2026-5194
could trick applications or devices using a vulnerable wolfSSL version to "accept a forged digital identity as genuine, trusting a malicious server, file, or connection it should have rejected." An attacker can exploit this weakness by supplying a forged certificate with a smaller digest than cryptographically appropriate, so the system accepts a signature that is easier to falsify or reproduce. While the vulnerability impacts the core signature verification routine, there may be prerequisites and deployment-specific conditions that might limit exploitation. System administrators managing environments that do not use upstream wolfSSL releases but instead rely on Linux distribution packages, vendor firmware, and embedded SDKs should seek downstream vendor advisories for better clarity. For example, Red Hat’s advisory , which assigns the flaw a maximum severity rating, states that MariaDB is not affected because it uses OpenSSL rather than wolfSSL for cryptographic operations. Organizations using wolfSSL are advised to review their deployments and apply the security updates promptly to ensure certificate validation remains secure.