// #certificate-forgery

1 article

🏛️ Architecture

CVE-2026-5194: Critical wolfSSL Flaw Enables Certificate Forgery Across 5 Billion Devices

A critical cryptographic validation flaw in wolfSSL, a lightweight TLS library embedded in billions of IoT devices, routers, industrial control systems, and automotive components, allows attackers to present forged X.509 certificates that pass signature verification without a legitimate private key. The vulnerability enables man-in-the-middle attacks and authentication bypass across an enormous installed base. wolfSSL version 5.9.1, released 8 April 2026, provides the fix.

#cve-2026-5194 +5