The vulnerability occurs in wolfSSL’s ECCSI signature verifier function, wc_VerifyEccsiHash, which decodes the scalar values r and s from a signature blob using mp_read_unsigned_bin without verifying they fall within the valid range [1, q‑1]. The absence of this sanity check allows an adversary to craft a forged signature that will satisfy verification for any message and any identity that relies on ECCSI, effectively undermining authentication and integrity checks. This weakness is categorized as CWE‑347, representing Incorrect Validation of Cryptographic Parameters.

This flaw affects installations of the wolfSSL library that use the vulnerable wc_VerifyEccsiHash implementation. All versions prior to the merge of pull request #10102 are at risk; the advisory does not list specific version numbers, so any older or unpatched release should be considered vulnerable. Deployments that employ wolfSSL for ECCSI‑based authentication in TLS or other cryptographic protocols are impacted.

The CVSS score of 7.6 signals high severity, and although EPSS is not available, the lack of a range check indicates a fundamental flaw that can be exploited remotely with only knowledge of public constants. The vulnerability is not currently listed in CISA’s KEV catalog, yet the attack can be carried out by substituting forged signatures in network messages or user‑payloads. The likely attack vector is thus inferred to be remote over a network or via an application that accepts externally supplied signatures, requiring no privileged local access or filesystem modification.