CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-8720

highCVSS 7.5covered by 2 sourcesfirst seen 2026-06-09
wc_Blake2bHmacFinal and wc_Blake2sHmacFinal discard the message when the key length exceeds the block size, producing a MAC that is independent of the input. When the supplied key is longer than the BLAKE2 block size the key-hashing branch reinitialized the running hash state, discarding the accumulated message data, so the resulting MAC depended only on the key and not on the message being authenticated. This bug is specific to the HMAC-BLAKE2 APIs that were added in wolfSSL version 5.9.0.

CSIRTS triage

What
HMAC-BLAKE2 final discards the message when the key length exceeds the block size.
Who is affected
Users of OpenSSL that implement HMAC-BLAKE2 with long keys.
Urgency
This is a high severity issue that should be remediated promptly to ensure data integrity.
Action
Update to the latest version of OpenSSL.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-8720

Get an email if CVE-2026-8720 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (2)

External references

NVD record for CVE-2026-8720

CVE.org record

Embed the live status

CVE-2026-8720 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-8720 status](https://www.csirts.com/badge/CVE-2026-8720)](https://www.csirts.com/cve/CVE-2026-8720)