{
  "parent_cve": "CVE-2026-5466",
  "parent_claim": "wolfSSL ECCSI universal signature forgery via missing scalar range validation in wc_VerifyEccsiHash",
  "variant_claim": "Systematic bypass and alternate-trigger analysis of the same ECCSI verification path",
  "same_root_cause": true,
  "root_cause_equivalence_reason": "All tested variants target the exact same verification arithmetic (mp_cmp(jx, r) after eccsi_calc_j) and the same missing check class (absence of [1,q-1] validation on decoded scalars). No alternate sink or divergent root cause was identified.",
  "same_sink": true,
  "sink_file": "wolfcrypt/src/eccsi.c",
  "sink_function": "wc_VerifyEccsiHash",
  "same_trust_boundary": true,
  "trust_boundary_description": "Attacker-controlled ECCSI signature buffer passed to the verifier API over the same untrusted-input boundary.",
  "same_impact_class": "signature_forge_universal",
  "variant_relation": "bypass_attempt_matrix",
  "bypass_attempts": 10,
  "bypasses_confirmed": 0
}