CVE-2026-5466
Published: 10 April 2026
Summary
CVE-2026-5466 is a high-severity Improper Verification of Cryptographic Signature (CWE-347) vulnerability. Its CVSS base score is 7.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 4.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2026-5466 is a vulnerability in wolfSSL's ECCSI signature verifier function `wc_VerifyEccsiHash`. The function decodes the `r` and `s` scalars from the signature blob using `mp_read_unsigned_bin` without validating that they lie within the required range `[1, q-1]`, where `q` is the curve order. This flaw, classified under CWE-347 (Breakaway Verification of Cryptographic Signature), affects wolfSSL implementations that use ECCSI (Elliptic Curve Cryptography with Certificateless Signatures for Images) signature verification.
An attacker can exploit this vulnerability by crafting a forged signature that includes `r` and `s` values outside the valid range. Such a signature will incorrectly verify as authentic against any arbitrary message and for any identity, requiring only publicly known constants like curve parameters. Exploitation is possible by any adversary who can supply a malicious signature blob to a vulnerable wolfSSL verifier, potentially bypassing authentication mechanisms in applications relying on ECCSI for integrity and authenticity checks.
The wolfSSL project has addressed this issue via a pull request at https://github.com/wolfssl/wolfssl/pull/10102, which adds the necessary range checks on `r` and `s` during decoding to ensure they fall within `[1, q-1]`. Security practitioners should update to a version incorporating this fix and audit deployments using wolfSSL's ECCSI functionality.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-21291
Vulnerability details
wolfSSL's ECCSI signature verifier `wc_VerifyEccsiHash` decodes the `r` and `s` scalars from the signature blob via `mp_read_unsigned_bin` with no check that they lie in `[1, q-1]`. A crafted forged signature could verify against any message for any identity, using only…
more
publicly-known constants.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Signature verification bypass in wolfSSL ECCSI allows forged signatures to pass auth checks; directly enables remote exploitation of public-facing applications or services relying on the verifier for integrity/authenticity.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires validation of r/s scalars supplied to wc_VerifyEccsiHash so they lie in [1, q-1], blocking the forged-signature acceptance described in the CVE.
Mandates correct implementation of cryptographic signature verification mechanisms, which the missing range check in ECCSI violates.
Requires integrity mechanisms (including signatures) to function correctly; the flawed verifier allows forged signatures to bypass authenticity checks.
Hardening callouts derived
Configuration rules from DISA STIG baselines that reduce the attack surface for weaknesses of the type cited by this CVE. Derived transitively via CVE→CWE→STIG over `controls_xwalks` (authoritative rows only).
Oracle Linux 8 (2 rules)
- V-248574 YUM must be configured to prevent the installation of patches, service packs, device drivers, or OL 8 system components that have not been digitally signed using a certificate that is recognized and approved by the organization. via CWE-347
- V-248575 OL 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components of local packages without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. via CWE-347
Oracle Linux 9 (2 rules)
- V-271523 OL 9 must check the GPG signature of locally installed software packages before installation. via CWE-347
- V-271525 OL 9 must have GPG signature verification enabled for all software repositories. via CWE-347
RHEL 7 (2 rules)
- V-204447 The Red Hat Enterprise Linux operating system must prevent the installation of software, patches, service packs, device drivers, or operating system components from a repository without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. via CWE-347
- V-204448 The Red Hat Enterprise Linux operating system must prevent the installation of software, patches, service packs, device drivers, or operating system components of local packages without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. via CWE-347
RHEL 8 (1 rule)
- V-230264 RHEL 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components from a repository without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. via CWE-347
RHEL 9 (1 rule)
- V-257822 RHEL 9 must have GPG signature verification enabled for all software repositories. via CWE-347