wolfSSL Patches Critical Certificate Forgery Vulnerability Affecting Billions of Devices
Take action: If you use devices or software built on wolfSSL (common in IoT, routers, industrial controllers, and embedded systems), make sure they are isolated from the internet and accessible from trusted networks only, then check with your device vendor for firmware updates that include wolfSSL version 5.9.1 to patch CVE-2026-5194. Be aware that older or unsupported devices may never get this fix, so network isolation and monitoring are your only protection for those.
Learn More
wolfSSL has patched a critical cryptographic validation vulnerability in its lightweight SSL/TLS library that could allow attackers to force target devices and applications to accept forged digital certificates.
wolfSSL is a widely deployed C-based TLS/SSL implementation designed for embedded systems, IoT devices, industrial control systems, routers, automotive systems, and military equipment.
The flaw is tracked as CVE-2026-5194 (CVSS score 9.3), and is caused by missing hash/digest size and Object Identifier (OID) checks during signature verification, which permits digests smaller than those mandated by FIPS 186-4 or 186-5 to be accepted by certificate verification functions. Red Hat's independent assessment elevates it to a perfect 10.
The vulnerability affects multiple signature algorithms, including:
- ECDSA/ECC
- DSA
- ML-DSA
- Ed25519
- Ed448
An attacker can exploit this weakness by supplying a forged certificate with a smaller digest than what is cryptographically appropriate, enabling the target system to accept a signature that is significantly easier to falsify or reproduce.
Red Hat warns that the attack is low-complexity and requires no privileges or user interaction, meaning attackers can use invalid or forged certificates to impersonate trusted entities and intercept communications .
CVE-2026-5194 was patched in wolfSSL version 5.9.1, released on April 8, 2026. Builds that have both ECC and EdDSA or ML-DSA enabled and perform certificate verification are strongly recommended to upgrade immediately.
While the vulnerability impacts the core signature verification routine, there may be deployment-specific conditions that limit exploitation in certain environments. System administrators managing environments that do not use upstream wolfSSL releases but instead rely on Linux distribution packages, vendor firmware, or embedded SDKs should consult downstream vendor advisories for accurate guidance.
Red Hat has confirmed that MariaDB is not affected in Red Hat products because it is compiled against the system's OpenSSL library rather than wolfSSL's bundled routines. A big concern is older devices that are no longer supported by their manufacturers, as many routers, home appliances, and embedded gadgets may never receive an update, leaving them permanently exposed.
Organizations using wolfSSL are strongly advised to review their deployments and apply the security update to version 5.9.1 to ensure certificate validation remains secure.
