CVE-2026-5194

A flaw was found in wolfSSL. Missing hash/digest size and Object Identifier (OID) checks allow the acceptance of smaller, less secure digests during the verification of Elliptic Curve Digital Signature Algorithm (ECDSA) certificates. This could enable a remote attacker, with knowledge of the public Certificate Authority (CA) key, to weaken the security of ECDSA certificate-based authentication. The vulnerability affects ECDSA/ECC verification when EdDSA or ML-DSA are also enabled.