CVE-2026-6331

Name	CVE-2026-6331
Description	HMAC zero-length tag forgery in EVP_DigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility HMAC verify path the supplied signature length was only checked as not exceeding the MAC length, so a zero-length or otherwise truncated tag could pass verification. The fix requires the supplied tag length to exactly equal the MAC length and rejects a zero-length MAC, so a forged short or empty tag is no longer accepted.
Source	CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs	1140815

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
wolfssl (PTS)	bullseye	4.6.0+p1-0+deb11u2	vulnerable
	bookworm	5.5.4-2+deb12u2	vulnerable
	trixie	5.7.2-0.1+deb13u1	vulnerable
	forky, sid	5.9.1-0.1	vulnerable

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
wolfssl	source	(unstable)	(unfixed)			1140815

https://github.com/wolfSSL/wolfssl/pull/10192 (v5.9.2-stable)