CVE-2026-5194
ECDSA Verification Flaw Accepts Undersized Digests, Weakening Security
Publication date: 2026-04-09
Last updated on: 2026-04-16
Assigner: wolfSSL Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wolfssl | wolfssl | From 3.12.0 (inc) to 5.9.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-295 | The product does not validate, or incorrectly validates, a certificate. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves missing checks for hash/digest size and Object Identifier (OID) agreement during the verification of ECDSA certificates. Specifically, it allows digests smaller than the allowed size or smaller than appropriate for the key type to be accepted by signature verification functions. This flaw affects ECDSA/ECC verification when EdDSA or ML-DSA is also enabled, potentially weakening the security of ECDSA certificate-based authentication if the public CA key is known.
How can this vulnerability impact me? :
The vulnerability can reduce the security of ECDSA certificate-based authentication by allowing signatures with smaller-than-allowed digests to be accepted. This could enable attackers to bypass signature verification checks, potentially leading to unauthorized access or impersonation if the public CA key is known. Overall, it weakens the cryptographic assurance provided by ECDSA certificates.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability undermines compliance with cryptographic standards such as FIPS 186, which specify strict requirements for digest sizes and OID consistency in digital signature verification. Failure to enforce these requirements can lead to weaker security controls, potentially impacting compliance with regulations like GDPR and HIPAA that mandate strong data protection and secure authentication mechanisms. The wolfSSL update addresses this by enforcing correct digest sizes and OID checks to align with FIPS 186 standards.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves verifying whether the system's cryptographic library enforces correct digest sizes and Object Identifier (OID) checks during ECDSA signature verification.
Specifically, you can check if wolfSSL or the cryptographic library in use includes the updated enforcement of digest size constraints and OID agreement as introduced in the wolfSSL pull request #10131.
While no direct commands are provided, you can perform tests by verifying ECDSA certificates with varying digest sizes to see if smaller-than-allowed digests are accepted.
Additionally, reviewing the version of wolfSSL or your cryptographic library to confirm if it includes the fixes related to WC_FIPS_186_4, WC_FIPS_186_5, and related macros can help detect vulnerability presence.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves updating the cryptographic library to a version that includes the enhanced enforcement of digest size and OID checks as described in the wolfSSL pull request #10131.
Ensure that your system uses wolfSSL versions or patches that implement the WC_FIPS_186_4, WC_FIPS_186_5, and related macros enforcing minimum digest sizes and OID consistency during signature verification.
If you are using custom hash algorithms, configure the new macros WC_HASH_CUSTOM_MIN_DIGEST_SIZE, WC_HASH_CUSTOM_MAX_DIGEST_SIZE, and WC_HASH_CUSTOM_MAX_BLOCK_SIZE appropriately to maintain security compliance.
Also, consider disabling EdDSA or ML-DSA if not required, as the vulnerability affects ECDSA/ECC verification when these are enabled.