Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Debian LTS wolfssl Critical Denial of Service Auth Bypass Alert 2026-5194

debian lts
Calendar Grey July 14, 2026
Dist Debian Esm H88
Multiple vulnerabilities in wolfSSL could lead to serious security risks, including authentication bypass and denial of service.
Multiple vulnerabilities were discovered in wolfSSL, a lightweight, portable, C-language-based SSL/TLS library, which could result in signature forgery, authentication bypass, info...

Summary

CVE-2026-5194

Missing hash/digest size and OID checks allowed digests smaller
than appropriate for the relevant key type to be accepted during
ECDSA certificate signature verification, weakening ECDSA
certificate-based authentication when EdDSA or ML-DSA support was
also enabled.

CVE-2026-6092

When configured with HAVE_ENCRYPT_THEN_MAC, the TLS resumption path
could fall back to MAC-then-Encrypt instead of enforcing
Encrypt-then-MAC.

CVE-2026-6094

A heap buffer over-read in wc_PKCS7_DecodeEnvelopedData when parsing
crafted PKCS#7 EnvelopedData could be triggered by attacker-supplied
data delivered via S/MIME or CMS.

CVE-2026-6325

An out-of-bounds write in SetSuitesHashSigAlgo when processing an
oversized signature algorithms list allowed a write past the bounds
of the destination buffer.

CVE-2026-6329

PKCS#12 MAC verification compared the computed HMAC against the
stored MAC using an attacker-controlled length, allowing a truncated

Read the Full Advisory


Severity
critical
Lowest
Low
Medium
High
Critical

Package: wolfssl
Version: 5.5.4-2+deb12u3
CVE ID: CVE-2026-5194 CVE-2026-6092 CVE-2026-6094 CVE-2026-6325

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.