WolfSSL security patch release (CVE-2026-5194)
Security Patch Release
Summary
Hide ▲
Show ▼
The wolfSSL project released version 5.9.1 to fix CVE-2026-5194, a cryptographic validation flaw that could let vulnerable deployments accept forged certificates. The patch matters because the issue affects certificate verification across multiple signature algorithms and can weaken authentication. Administrators using wolfSSL should upgrade promptly, especially in embedded and device deployments.
Related Happenings
F5 security patch release for CVE-2026-42530
Security Patch Release
H score39
First: 18.06.2026 20:32
Last: 18.06.2026 20:32
Sources 1
About this happening:
**F5** released security updates for **NGINX Open Source** after finding **two critical vulnerabilities** that could lead to **remote code execution** on affected systems. The pat...
F5 security patch release for CVE-2026-42530
Security Patch ReleaseAbout this happening: **F5** released security updates for **NGINX Open Source** after finding **two critical vulnerabilities** that could lead to **remote code execution** on affected systems. The pat...
Ivanti security patch release for CVE-2026-8043
Security Patch Release
H score25
First: 18.05.2026 13:54
Last: 18.05.2026 13:54
Sources 1
About this happening:
**Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...
Ivanti security patch release for CVE-2026-8043
Security Patch ReleaseAbout this happening: **Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...
Microsoft security patch release for CVE-2026-41089
Security Patch Release
H score43
First: 13.05.2026 00:46
Last: 13.05.2026 00:46
Sources 1
About this happening:
**Microsoft** and other major software vendors shipped a heavy **May 2026** patch cycle, with fixes spanning **Windows**, **iOS**, **Firefox**, **Oracle** products, and **Chrome**...
Microsoft security patch release for CVE-2026-41089
Security Patch ReleaseAbout this happening: **Microsoft** and other major software vendors shipped a heavy **May 2026** patch cycle, with fixes spanning **Windows**, **iOS**, **Firefox**, **Oracle** products, and **Chrome**...
Linux kernel Dirty Frag patch release (CVE-2026-43284, CVE-2026-43500)
Security Patch Release
H score32
First: 11.05.2026 17:30
Last: 11.05.2026 17:30
Sources 1
About this happening:
**Major Linux distributions** are rolling out fixes for **Dirty Frag**, the **Linux kernel** patch release that covers **CVE-2026-43284** and **CVE-2026-43500**. The update matter...
Linux kernel Dirty Frag patch release (CVE-2026-43284, CVE-2026-43500)
Security Patch ReleaseAbout this happening: **Major Linux distributions** are rolling out fixes for **Dirty Frag**, the **Linux kernel** patch release that covers **CVE-2026-43284** and **CVE-2026-43500**. The update matter...
CPanel security patch release for CVE-2026-29201
Security Patch Release
H score34
First: 09.05.2026 10:16
Last: 09.05.2026 10:16
Sources 1
About this happening:
**cPanel** released updates for **cPanel and Web Host Manager (WHM)** to fix **three vulnerabilities** that could enable **privilege escalation**, **code execution**, or **denial-...
CPanel security patch release for CVE-2026-29201
Security Patch ReleaseAbout this happening: **cPanel** released updates for **cPanel and Web Host Manager (WHM)** to fix **three vulnerabilities** that could enable **privilege escalation**, **code execution**, or **denial-...
Timeline
-
13.04.2026 22:56 2 articles · 2mo ago
wolfSSL 5.9.1 fixes CVE-2026-5194
Mitigation Patch UpdatewolfSSL version 5.9.1 addressed CVE-2026-5194, a cryptographic validation flaw in the wolfSSL SSL/TLS library that could let devices and applications accept forged certificates when ECDSA and related signature verification accepted improperly weak digests. Deployments with ECC and EdDSA or ML-DSA enabled were advised to upgrade to the latest wolfSSL release.
Show sources
- Critical flaw in wolfSSL library enables forged certificate use — www.bleepingcomputer.com — 13.04.2026 22:56
- Critical flaw in wolfSSL library enables forged certificate use — www.bleepingcomputer.com — 13.04.2026 22:56
-
13.04.2026 22:56 1 articles · 2mo ago
Researchers disclose CVE-2026-5194 in wolfSSL
Initial DisclosureNicholas Carlini of Anthropic disclosed CVE-2026-5194 in the wolfSSL SSL/TLS library, describing a cryptographic validation flaw that can accept improperly weak digests during certificate verification and may let a target device or application trust forged certificates for malicious servers or connections.
Show sources
- Critical flaw in wolfSSL library enables forged certificate use — www.bleepingcomputer.com — 13.04.2026 22:56