Verified reproduction
CVE-2026-5466: wolfSSL: ECCSI universal signature forgery via missing scalar range check
CVE-2026-5466 is verified against wolfssl · source affected versions: < 5.9.1 fixed version: 5.9.1 This high reproduction includes runnable sandbox proof, artifacts, and a plain-text agent view under REPRO-2026-00173.
Severity HIGH
Confidence HIGH
Reproduced in 16m 28s
Tool calls 159
Spend $1.25
Affected < 5.9.1
Fixed in 5.9.1
$
pruva-verify REPRO-2026-00173 or
curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00173/artifacts/bundle/repro/reproduction_steps.sh && chmod +x reproduction_steps.sh && ./reproduction_steps.sh Run in a VM or disposable container. This exploits a real vulnerability.
Variant analysis
The agent's step-by-step process — every tool call, every handoff, the moment the exploit fired. Phases: support triages the advisory · repro reproduces it · vuln_variant confirms the fix blocks it · judge verifies.
Loading session...
Scripts, logs, diffs, and output captured during the reproduction.
bundle/context.json3.6 KBbundle/metadata.json0.6 KBbundle/ticket.md5.5 KBbundle/repro/rca_report.md6.7 KBbundle/repro/reproduction_steps.sh2.8 KBbundle/repro/validation_verdict.json0.2 KBbundle/repro/eccsi_forge.c8.1 KBbundle/vuln_variant/eccsi_variant.c10.0 KBbundle/vuln_variant/root_cause_equivalence.json1.0 KBbundle/vuln_variant/rca_report.md7.1 KBbundle/vuln_variant/patch_analysis.md5.6 KBbundle/vuln_variant/variant_manifest.json2.6 KBbundle/vuln_variant/reproduction_steps.sh2.7 KBbundle/vuln_variant/validation_verdict.json3.1 KBbundle/logs/variant_vulnerable.txt2.5 KBbundle/logs/variant_fixed.txt2.5 KBbundle/logs/vulnerable_forge.txt1.9 KBbundle/logs/fixed_forge.txt1.9 KB