CVE-2026-8720

wc_Blake2bHmacFinal and wc_Blake2sHmacFinal discard the message when the key length exceeds the block size, producing a MAC that is independent of the input. When the supplied key is longer than the BLAKE2 block size the key-hashing branch reinitialized the running hash state, discarding the accumulated message data, so the resulting MAC depended only on the key and not on the message being authenticated. This bug is specific to the HMAC-BLAKE2 APIs that were added in wolfSSL version 5.9.0.
Configurations

Configuration 1 (hide)

cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*

History

27 Jun 2026, 19:43

Type Values Removed Values Added
First Time Wolfssl wolfssl
Wolfssl
CPE cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*
References () https://github.com/wolfSSL/wolfssl/pull/10447 - () https://github.com/wolfSSL/wolfssl/pull/10447 - Issue Tracking, Patch
References () https://www.wolfssl.com/docs/security-vulnerabilities/ - () https://www.wolfssl.com/docs/security-vulnerabilities/ - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5

25 Jun 2026, 22:17

Type Values Removed Values Added
New CVE

Information

Published : 2026-06-25 22:17

Updated : 2026-06-27 19:43


NVD link : CVE-2026-8720

Mitre link : CVE-2026-8720

CVE.ORG link : CVE-2026-8720


JSON object : View

Products Affected

wolfssl

  • wolfssl
CWE
CWE-354

Improper Validation of Integrity Check Value