Full-text search across 381 articles. Typo-tolerant.

Lyceum News Desk ·

CVE-2026-5194 -- CVSS 9.1 Vulnerability Briefing

CVE-2026-5194 | CVSS 9.1 (Critical) | Exploit: PoC available

What Is It

CVE-2026-5194 is a cryptographic validation flaw in WolfSSL's ECDSA signature verification logic that allows undersized or inappropriate digest values to be accepted during certificate-based authentication.

Technical Detail

The vulnerability stems from missing hash digest size and OID checks within WolfSSL's signature verification functions, specifically when ECDSA/ECC verification is used alongside EdDSA or ML-DSA in the same build configuration. An attacker who also possesses the public CA key used in a given PKI chain could craft or present a certificate with a digest smaller than the required minimum, and the verification function would accept it as valid. The practical impact is a weakening of ECDSA certificate-based authentication, potentially enabling authentication bypass or acceptance of forged certificates under the right conditions.

Exploitation Status

A proof-of-concept is publicly available. This vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities catalog, and there is no confirmed evidence of active exploitation in the wild as of May 24, 2026. The existence of a PoC lowers the barrier for technically capable actors to develop working exploits, and the CVSS score of 9.1 (Critical) reflects the potential severity if exploited in a targeted scenario.

Who Is Targeting This

No specific threat actor attribution at this time. Neither confirmed nor reported threat actor activity has been associated with this CVE.

What To Do

Organizations using WolfSSL in configurations where ECDSA/ECC verification is enabled alongside EdDSA or ML-DSA should treat this as a priority patch. Review the WolfSSL advisory and apply the patched version as soon as it is available or already released. As an interim measure, consider disabling the combined algorithm configurations (EdDSA or ML-DSA alongside ECDSA) if operationally feasible, to eliminate the vulnerable code path. Audit any systems relying on ECDSA certificate-based authentication, particularly those exposed to untrusted certificate chains or external PKI inputs. Monitor WolfSSL's official release channel and security advisories for patch confirmation and version guidance.