diff --git a/Changelog.md b/Changelog.md
index 4d112400..3d83a235 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.0.76] - 2026-02-12
+### Fix
+- Fixed DS126858 rule (Weak/Broken Hash Algorithm) false positive when MD5 is explicitly disabled via flags like `--nomd5`, `nomd5`, `no-md5`, `no_md5`, or `disable_md5_check`
+
 ## [1.0.75] - 2026-02-06
 ### Changed
 - Removed unnecessary uninstall/reinstall of @vscode/vsce from postinstall script in VSCode plugin
diff --git a/rules/default/security/cryptography/hash_algorithm.json b/rules/default/security/cryptography/hash_algorithm.json
index 6b98d740..abd6871c 100644
--- a/rules/default/security/cryptography/hash_algorithm.json
+++ b/rules/default/security/cryptography/hash_algorithm.json
@@ -13,7 +13,7 @@
 "rule_info": "DS126858.md",
 "patterns": [
 {
- "pattern": "(MD2|MD4|MD5|RIPEMD|RIPEMD(128|256|160|320)|(SHA0|SHA-0|SHA1|SHA-1))",
+ "pattern": "(?