GHSA-34qm-63x6-fcm3
A vulnerability in wolfSSL's HMAC-BLAKE2 APIs (added in version 5.9.0) causes the MAC to be independent of the input message when the key length exceeds the block size. Specifically, the functions wc_Blake2bHmacFinal and wc_Blake2sHmacFinal discard the message data in this case, resulting in a MAC that depends only on the key. This flaw undermines the integrity guarantees of the MAC.
AI Analysis
Technical Summary
The vulnerability affects the HMAC-BLAKE2 implementations in wolfSSL starting from version 5.9.0. When a key longer than the BLAKE2 block size is used, the key-hashing branch reinitializes the hash state, discarding the accumulated message data. Consequently, the generated MAC does not authenticate the message content but only the key, violating the expected behavior of HMAC and potentially allowing message forgery or bypass of authentication checks.
Potential Impact
The integrity protection provided by the HMAC-BLAKE2 functions is compromised when keys exceed the block size, as the MAC becomes independent of the message. This can lead to authentication bypass scenarios where an attacker might forge messages without detection. However, there are no known exploits in the wild reported for this vulnerability.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, avoid using keys longer than the BLAKE2 block size with the affected HMAC-BLAKE2 APIs in wolfSSL version 5.9.0 and later. Monitor vendor communications for official patches or updates.
GHSA-34qm-63x6-fcm3
Description
A vulnerability in wolfSSL's HMAC-BLAKE2 APIs (added in version 5.9.0) causes the MAC to be independent of the input message when the key length exceeds the block size. Specifically, the functions wc_Blake2bHmacFinal and wc_Blake2sHmacFinal discard the message data in this case, resulting in a MAC that depends only on the key. This flaw undermines the integrity guarantees of the MAC.
CVSS v4.0
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability affects the HMAC-BLAKE2 implementations in wolfSSL starting from version 5.9.0. When a key longer than the BLAKE2 block size is used, the key-hashing branch reinitializes the hash state, discarding the accumulated message data. Consequently, the generated MAC does not authenticate the message content but only the key, violating the expected behavior of HMAC and potentially allowing message forgery or bypass of authentication checks.
Potential Impact
The integrity protection provided by the HMAC-BLAKE2 functions is compromised when keys exceed the block size, as the MAC becomes independent of the message. This can lead to authentication bypass scenarios where an attacker might forge messages without detection. However, there are no known exploits in the wild reported for this vulnerability.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, avoid using keys longer than the BLAKE2 block size with the affected HMAC-BLAKE2 APIs in wolfSSL version 5.9.0 and later. Monitor vendor communications for official patches or updates.
Technical Details
- Gcve Source
- db.gcve.eu
- Osv Id
- GHSA-34qm-63x6-fcm3
- Osv Schema Version
- 1.4.0
- Aliases
- ["CVE-2026-8720"]
- Ecosystems
- []
- Database Specific Severity
- MODERATE
- Cvss Version
- 4.0
Threat ID: 6a3ef7d127e9c79719002b51
Added to database: 06/26/2026, 22:06:09 UTC
Last enriched: 06/26/2026, 22:38:31 UTC
Last updated: 06/27/2026, 00:31:17 UTC
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.