CVE-2026-8720

EUVD-2026-39579

25.06.2026, 22:17

wc_Blake2bHmacFinal and wc_Blake2sHmacFinal discard the message when the key length exceeds the block size, producing a MAC that is independent of the input. When the supplied key is longer than the BLAKE2 block size the key-hashing branch reinitialized the running hash state, discarding the accumulated message data, so the resulting MAC depended only on the key and not on the message being authenticated. This bug is specific to the HMAC-BLAKE2 APIs that were added in wolfSSL version 5.9.0.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
wolfSSL	CNA	5.9 MEDIUM	LOCAL	LOW	NONE	CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
wolfssl	wolfssl	5.9.0 ≤ 𝑥 ≤ 5.9.1	CNA

Common Weakness Enumeration

CWE-354 - Improper Validation of Integrity Check Value
The software does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.

References

https://github.com/wolfSSL/wolfssl/pull/10447

https://www.wolfssl.com/docs/security-vulnerabilities/