WolfSSL forged certificate validation flaw (CVE-2026-5194)
Vulnerability
Summary
Hide ▲
Show ▼
CVE-2026-5194 is a wolfSSL certificate-verification flaw that could let an attacker forge certificates and impersonate a legitimate service. Anthropic said Project Glasswing, using Claude Mythos Preview, helped identify the issue and more than 10,000 high- or critical-severity vulnerabilities across widely used software, including 6,202 high/critical flaws affecting more than 1,000 open-source projects. The vulnerability was fixed in wolfSSL 5.9.1, and the vendor advises updating vulnerable deployments.
Related Happenings
Anthropic launches Project Glasswing with Claude Mythos for vulnerability discovery
Security Tool/Service
First: 08.04.2026 12:16
Last: 08.04.2026 12:16
Sources 1
How related:
Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across some of the most "systemically" important software across the world since the cybersecurity initiative went live last month.
About this happening:
**Anthropic’s Project Glasswing** is now showing measurable results: since launching last month, the **Claude Mythos Preview**-based initiative has uncovered **more than 10,000**...
Anthropic launches Project Glasswing with Claude Mythos for vulnerability discovery
Security Tool/ServiceHow related: Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across some of the most "systemically" important software across the world since the cybersecurity initiative went live last month.
About this happening: **Anthropic’s Project Glasswing** is now showing measurable results: since launching last month, the **Claude Mythos Preview**-based initiative has uncovered **more than 10,000**...
Latest development: 23.05.2026 14:55
Anthropic said Project Glasswing has uncovered more than 10,000 high- or critical-severity vulnerabilities across widely used software since the program launched last month, including 6,202 high/critical flaws affecting more than 1,000 open-source projects, 1,726 validated true positives, 1,094 high/critical flaws, a critical WolfSSL flaw tracked as CVE-2026-5194 with CVSS score 9.1, 97 upstream patches, and 88 advisories.
CISA KEV patch directive for CVE-2025-53521
Advisory/Mitigation
First: 30.03.2026 10:07
Last: 30.03.2026 10:07
Sources 1
About this happening:
CISA added **CVE-2025-53521** to its **KEV catalog** and told **federal agencies** to patch the F5 BIG-IP flaw within **three days**. The directive is urgent because the bug is be...
CISA KEV patch directive for CVE-2025-53521
Advisory/MitigationAbout this happening: CISA added **CVE-2025-53521** to its **KEV catalog** and told **federal agencies** to patch the F5 BIG-IP flaw within **three days**. The directive is urgent because the bug is be...
CISA KEV mitigation for BeyondTrust CVE-2026-1731
Advisory/Mitigation
First: 20.02.2026 19:02
Last: 20.02.2026 19:02
Sources 1
About this happening:
CISA ordered urgent **KEV** mitigation for **CVE-2026-1731** in **BeyondTrust Remote Support** and **Privileged Remote Access**, forcing affected federal deployments to **apply th...
CISA KEV mitigation for BeyondTrust CVE-2026-1731
Advisory/MitigationAbout this happening: CISA ordered urgent **KEV** mitigation for **CVE-2026-1731** in **BeyondTrust Remote Support** and **Privileged Remote Access**, forcing affected federal deployments to **apply th...
CISA KEV remediation deadline for SolarWinds WHD CVE-2025-40551
Public Sector Action
First: 04.02.2026 07:50
Last: 04.02.2026 07:50
Sources 1
About this happening:
**CISA** added **CVE-2025-40551** in **SolarWinds Web Help Desk** to the **KEV catalog** and imposed **federal remediation deadlines**, turning a newly exploited flaw into a compl...
CISA KEV remediation deadline for SolarWinds WHD CVE-2025-40551
Public Sector ActionAbout this happening: **CISA** added **CVE-2025-40551** in **SolarWinds Web Help Desk** to the **KEV catalog** and imposed **federal remediation deadlines**, turning a newly exploited flaw into a compl...
RondoDox botnet exploitation of XWiki CVE-2025-24893
Malware Activity
First: 15.11.2025 18:35
Last: 15.11.2025 18:35
Sources 1
About this happening:
The **RondoDox** botnet has begun **targeting unpatched XWiki instances** through **CVE-2025-24893**, expanding its reach and putting vulnerable servers at risk of **botnet recrui...
RondoDox botnet exploitation of XWiki CVE-2025-24893
Malware ActivityAbout this happening: The **RondoDox** botnet has begun **targeting unpatched XWiki instances** through **CVE-2025-24893**, expanding its reach and putting vulnerable servers at risk of **botnet recrui...
Timeline
-
13.04.2026 22:56 1 articles · 1mo ago
wolfSSL 5.9.1 fixes CVE-2026-5194
Mitigation Patch UpdatewolfSSL version 5.9.1 was released to address CVE-2026-5194, a certificate-verification flaw in the wolfSSL SSL/TLS library that can accept digests smaller than allowed during ECDSA and related signature checks. The fix covers multiple signature algorithms, including ECDSA/ECC, DSA, ML-DSA, Ed25519, and Ed448.
Show sources
- Critical flaw in wolfSSL library enables forged certificate use — www.bleepingcomputer.com — 13.04.2026 22:56
-
13.04.2026 22:56 3 articles · 1mo ago
Critical wolfSSL certificate-verification flaw disclosed
Initial DisclosureNicholas Carlini of Anthropic identified CVE-2026-5194 in the wolfSSL SSL/TLS library, where missing hash/digest size and OID checks can let devices or applications accept forged certificates for malicious servers or connections during certificate verification. The flaw affects multiple signature algorithms and can reduce the security of certificate-based authentication.
Show sources
- Critical flaw in wolfSSL library enables forged certificate use — www.bleepingcomputer.com — 13.04.2026 22:56
- Critical flaw in wolfSSL library enables forged certificate use — www.bleepingcomputer.com — 13.04.2026 22:56
- Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software — thehackernews.com — 23.05.2026 14:55