CVE-2026-8720
wc_Blake2bHmacFinal and wc_Blake2sHmacFinal discard the message when the key length exceeds the block size, producing a MAC that is independent of the input. When the supplied key is longer than the BLAKE2 block size the key-hashing branch reinitialized the running hash state, discarding the accumulated message data, so the resulting MAC depended only on the key and not on the message being authenticated. This bug is specific to the HMAC-BLAKE2 APIs that were added in wolfSSL version 5.9.0.
CSIRTS triage
- What
- HMAC-BLAKE2 final discards the message when the key length exceeds the block size.
- Who is affected
- Users of OpenSSL that implement HMAC-BLAKE2 with long keys.
- Urgency
- This is a high severity issue that should be remediated promptly to ensure data integrity.
- Action
- Update to the latest version of OpenSSL.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch CVE-2026-8720
Get an email if CVE-2026-8720 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.
Exploitation outlook
- Low exploitation risk0.11% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 2% of all EPSS-scored CVEs.
Advisory coverage (2)
External references
Embed the live status
— this badge updates automatically when the KEV or exploit status changes. How to embed it →
[](https://www.csirts.com/cve/CVE-2026-8720)