CVE-2026-8720 | wc_Blake2bHmacFinal and wc_Blake2sHmacFinal discard the mess… | CVSS 5.9 MEDIUM

Description

wc_Blake2bHmacFinal and wc_Blake2sHmacFinal discard the message when the key length exceeds the block size, producing a MAC that is independent of the input. When the supplied key is longer than the BLAKE2 block size the key-hashing branch reinitialized the running hash state, discarding the accumulated message data, so the resulting MAC depended only on the key and not on the message being authenticated. This bug is specific to the HMAC-BLAKE2 APIs that were added in wolfSSL version 5.9.0.

Metadata

CVE ID: CVE-2026-8720
State: PUBLISHED
Assigner: wolfSSL
Reserved: 2026-05-15 22:33 UTC
Published: 2026-06-25 21:18 UTC
Last updated: 2026-06-25 21:18 UTC
Primary CWE: CWE-354
CWE-354 Improper Validation of Integrity Check Value
Vendor / Product: wolfSSL / wolfSSL
Sources: cve.org · NVD

Severity & Metrics

5.9 MEDIUM CVSS 4.0

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Affected products (1)

Vendor	Product	Platform	Versions
wolfSSL	wolfSSL	—	5.9.0 ≤ 5.9.1

Weakness (CWE)

CWE	Source	Description
CWE-354	cna	CWE-354 Improper Validation of Integrity Check Value

CVSS scores (1)

Score	Severity	Version	Source	Vector
5.9	MEDIUM	4.0	cna	CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

References (2)