Northern.tech Mender Client versions prior to 5.0.4 contain a vulnerability that permits bypassing cryptographic signature verification. This weakness could allow an attacker to circumvent the validation of signed data, potentially enabling unauthorized or malicious updates to be accepted by the client. The vulnerability was published on May 27, 2026, but no official patch or remediation guidance has been documented. There are no known exploits reported in the wild, and the vulnerability does not affect cloud services.

The vulnerability could allow attackers to bypass cryptographic signature verification in the Mender Client, potentially compromising the integrity of software updates or other signed content. This may lead to unauthorized code execution or installation of malicious updates if exploited. However, no known exploits have been reported, and the actual impact depends on the attacker's ability to leverage this bypass in a given environment.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or remediation level is documented, users of affected versions should monitor Northern.tech communications for updates and consider upgrading to version 5.0.4 or later once confirmed safe. Until then, exercise caution with update sources and verify integrity through alternative means if possible.