CVE-2026-5466
Signature Forgery in wolfSSL ECCSI Verifier Allows Universal Forgery
Publication date: 2026-04-10
Last updated on: 2026-04-29
Assigner: wolfSSL Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wolfssl | wolfssl | to 5.9.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-347 | The product does not verify, or incorrectly verifies, the cryptographic signature for data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in wolfSSL's ECCSI signature verifier function called wc_VerifyEccsiHash. The function decodes the r and s scalars from the signature blob without verifying that these values lie within the valid range [1, q-1]. Because of this lack of validation, an attacker can craft a forged signature that will verify successfully against any message for any identity, using only publicly-known constants.
How can this vulnerability impact me? :
The vulnerability allows an attacker to create forged signatures that will be accepted as valid for any message and any identity. This undermines the integrity and authenticity guarantees normally provided by the ECCSI signature verification process, potentially allowing unauthorized actions, data tampering, or impersonation within systems relying on wolfSSL's ECCSI signature verification.