wolfSSL's ECCSI Signature Verifier Allows Forgery of Any Identity

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.6

wolfSSL's ECCSI Signature Verifier Allows Forgery of Any Identity

CVE-2026-5466

Summary

A security issue in wolfSSL's ECCSI signature verifier could allow an attacker to create fake signatures that can be used to impersonate anyone, even with limited information. This means an attacker could potentially trick others into trusting a message or identity that is not legitimate. To protect against this, update to a fixed version of wolfSSL as soon as possible.

Original title

Original description

wolfSSL's ECCSI signature verifier `wc_VerifyEccsiHash` decodes the `r` and `s` scalars from the signature blob via `mp_read_unsigned_bin` with no check that they lie in `[1, q-1]`. A crafted forged signature could verify against any message for any identity, using only publicly-known constants.

nvd CVSS4.0 7.6

Vulnerability type

CWE-347 Improper Verification of Cryptographic Signature

https://github.com/wolfssl/wolfssl/pull/10102

Published: 10 Apr 2026 · Updated: 10 Apr 2026 · First seen: 10 Apr 2026