Forged certificate acceptance vulnerability in wolfSSL TLS library fixed
Summary
Hide ▲
Show ▼
A critical cryptographic validation flaw in the wolfSSL TLS/SSL library (CVE-2026-5194) enables attackers to bypass certificate verification and force acceptance of forged certificates for malicious servers or connections. The issue stems from improper validation of hash algorithm and size during ECDSA signature checks, allowing weaker-than-expected digests to be accepted. This affects core cryptographic routines and impacts multiple signature algorithms including ECDSA/ECC, DSA, ML-DSA, Ed25519, and Ed448. The vulnerability affects widely deployed applications and devices, including embedded systems, IoT, industrial control systems, routers, and automotive equipment. wolfSSL is used in over 5 billion applications and devices globally.
Timeline
-
13.04.2026 22:56 1 articles · 11h ago
Critical certificate validation flaw (CVE-2026-5194) in wolfSSL patched
A cryptographic validation flaw in wolfSSL’s certificate verification routines allowed acceptance of forged certificates due to improper hash algorithm and digest size checks during ECDSA signature validation. The vulnerability affected multiple signature algorithms (ECDSA/ECC, DSA, ML-DSA, Ed25519, Ed448) and impacted a wide range of devices and applications including embedded systems, IoT, industrial control systems, and automotive equipment. A patch was released in wolfSSL version 5.9.1 on April 8, 2026. Administrators are advised to assess their deployments, including vendor-specific builds, and apply updates promptly to restore secure certificate validation.
Show sources
- Critical flaw in wolfSSL library enables forged certificate use — www.bleepingcomputer.com — 13.04.2026 22:56
Information Snippets
-
Vulnerability CVE-2026-5194 in wolfSSL enables acceptance of forged certificates due to improper hash algorithm and digest size validation during ECDSA signature verification.
First reported: 13.04.2026 22:561 source, 1 articleShow sources
- Critical flaw in wolfSSL library enables forged certificate use — www.bleepingcomputer.com — 13.04.2026 22:56
-
Impacted signature algorithms include ECDSA/ECC, DSA, ML-DSA, Ed25519, and Ed448. Systems using both ECC and EdDSA/ML-DSA are advised to upgrade immediately.
First reported: 13.04.2026 22:561 source, 1 articleShow sources
- Critical flaw in wolfSSL library enables forged certificate use — www.bleepingcomputer.com — 13.04.2026 22:56
-
Exploitation could allow a malicious server, file, or connection to be trusted despite presenting a forged digital identity, reducing security of ECDSA certificate-based authentication.
First reported: 13.04.2026 22:561 source, 1 articleShow sources
- Critical flaw in wolfSSL library enables forged certificate use — www.bleepingcomputer.com — 13.04.2026 22:56
-
The flaw was patched in wolfSSL version 5.9.1, released on April 8, 2026.
First reported: 13.04.2026 22:561 source, 1 articleShow sources
- Critical flaw in wolfSSL library enables forged certificate use — www.bleepingcomputer.com — 13.04.2026 22:56
-
wolfSSL is a lightweight TLS/SSL implementation used in embedded systems, IoT devices, industrial control systems, routers, appliances, sensors, automotive systems, and military/aerospace equipment.
First reported: 13.04.2026 22:561 source, 1 articleShow sources
- Critical flaw in wolfSSL library enables forged certificate use — www.bleepingcomputer.com — 13.04.2026 22:56
-
Red Hat’s advisory indicates MariaDB is not affected as it uses OpenSSL instead of wolfSSL for cryptographic operations.
First reported: 13.04.2026 22:561 source, 1 articleShow sources
- Critical flaw in wolfSSL library enables forged certificate use — www.bleepingcomputer.com — 13.04.2026 22:56