JLSEC-2026-716

Source
https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-716.md
Import Source
https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-716.json
JSON Data
https://api.osv.dev/v1/vulns/JLSEC-2026-716
Upstream
  • EUVD-2026-21070
  • GHSA-f5h9-5q52-qrx7
Published
2026-07-14T21:41:35.775Z
Modified
2026-07-18T00:01:03.809600825Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
  • 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:H/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red CVSS Calculator
Summary
Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA...
Details

Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature verification functions. This could lead to reduced security of ECDSA certificate-based authentication if the public CA key used is also known. This affects ECDSA/ECC verification when EdDSA or ML-DSA is also enabled.

Database specific
{
    "sources": [
        {
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-5194",
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5194",
            "modified": "2026-06-17T10:58:35.180Z",
            "published": "2026-04-09T20:16:28.420Z",
            "imported": "2026-07-17T22:29:49.500Z",
            "id": "CVE-2026-5194",
            "database_specific": {
                "status": "Modified"
            }
        },
        {
            "url": "https://api.github.com/advisories/GHSA-f5h9-5q52-qrx7",
            "html_url": "https://github.com/advisories/GHSA-f5h9-5q52-qrx7",
            "imported": "2026-07-17T22:29:49.655Z",
            "modified": "2026-04-16T21:31:11Z",
            "published": "2026-04-09T21:31:30Z",
            "id": "GHSA-f5h9-5q52-qrx7"
        },
        {
            "url": "https://euvdservices.enisa.europa.eu/api/enisaid?id=EUVD-2026-21070",
            "html_url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-21070",
            "modified": "2026-05-23T22:06:54Z",
            "imported": "2026-07-17T22:29:59.196Z",
            "published": "2026-04-09T19:30:24Z",
            "id": "EUVD-2026-21070"
        }
    ],
    "license": "CC-BY-4.0"
}
References

Affected packages

Julia / wolfSSL_jll

Package

Name
wolfSSL_jll
Purl
pkg:julia/wolfSSL_jll?uuid=98c43586-9870-5ae5-ab22-acc77b9bbdb5

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.9.2+0

Database specific

source
"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-716.json"