CVE-2026-5194 (CVSS 9.5) allows an attacker to bypass TLS/SSL certificate validation in WolfSSL by presenting certificates with mismatched digest OIDs that the library accepts without adequate verification. WolfSSL’s embedded deployment model means exposure extends to IoT devices, medical equipment, automotive systems, and enterprise infrastructure where the library is compiled in rather than installed as a standalone package. Standard software inventory and patch management processes will miss most affected instances.