24 matches found
EUVD-2026-41834
Deserialization of Untrusted Data vulnerability in Apache Camel PQC component. The camel-pqc component persists post-quantum key metadata KeyMetadata through pluggable KeyLifecycleManager implementations. HashicorpVaultKeyLifecycleManager and AwsSecretsManagerKeyLifecycleManager read that metadat...
Linux Distros Unpatched Vulnerability : CVE-2026-7531
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a...
CVE-2026-7531
Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory...
DEBIAN-CVE-2026-7531
Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory...
org.apache.camel.springboot:camel-pqc-starter (=4.19.0) potentially affected by CVE-2026-40048 via org.apache.camel:camel-pqc (=4.19.0)
org.apache.camel:camel-pqc MAVEN version =4.19.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.camel:camel-pqc and may be impacted: - org.apache.camel.springboot:camel-pqc-starter =4.19.0 Source cves: CVE-2026-40048 Source advisory:...
GHSA-V3VG-332R-MW99 Camel-PQC Vulnerable to Deserialization of Untrusted Data
The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of .key files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The cast to java.security.KeyPair is evaluated only after readObject has...
Camel-PQC Vulnerable to Deserialization of Untrusted Data
The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of .key files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The cast to java.security.KeyPair is evaluated only after readObject has...
CVE-2026-40048
The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of .key files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The cast to java.security.KeyPair is evaluated only after readObject has...
CVE-2026-40048 Apache Camel PQC: Unsafe Deserialization from FileBasedKeyLifecycleManager
The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of .key files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The cast to java.security.KeyPair is evaluated only after readObject has...
PT-2026-35369
The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of .key files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The cast to java.security.KeyPair is evaluated only after readObject has...
java-1.8.0-openjdk security update
1:1.8.0.492.b09-1.0.1 - Add Oracle vendor bug URL Orabug: 34340155 1:1.8.0.492.b09-1 - Update to 8u492-b09 GA - Update release notes for 8u492-b09. - Add missing CVEs for 8u482. - Regenerate JDK-8199936/PR3533 patch following JDK-8374917 - Regenerate JDK-8186464/RH1433262 patch following...
CVE-2026-5460 Heap Use-After-Free in PQC Hybrid KeyShare Error Cleanup in wolfSSL TLS 1.3
A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography PQC hybrid KeyShare processing. In the error handling path of TLSXKeyShareProcessPqcHybridClient in src/tls.c, the inner function TLSXKeyShareProcessPqcClientex frees a KyberKey object upon encountering an error. The call...
CVE-2026-5460
A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography PQC hybrid KeyShare processing. In the error handling path of TLSXKeyShareProcessPqcHybridClient in src/tls.c, the inner function TLSXKeyShareProcessPqcClientex frees a KyberKey object upon encountering an error. The call...
CVE-2026-5460
A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography PQC hybrid KeyShare processing. In the error handling path of TLSXKeyShareProcessPqcHybridClient in src/tls.c, the inner function TLSXKeyShareProcessPqcClientex frees a KyberKey object upon encountering an error. The call...
pqc-combo (=0.1.0), pqc-fips (=0.0.3) +1 more potentially affected by unknown CVE via libcrux-ml-dsa (=0.0.4)
libcrux-ml-dsa CARGO version =0.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on libcrux-ml-dsa and may be impacted: - pqc-combo =0.1.0 - pqc-fips =0.0.3 - pqc-nostd =0.1.0 Source cves: unknown CVE Source advisory: OSV:GHSA-CP57-FQ8G-QH6V...
pqc-combo (=0.1.0), pqc-fips (=0.0.3) +1 more potentially affected by unknown CVE via libcrux-ml-dsa (=0.0.4)
libcrux-ml-dsa CARGO version =0.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on libcrux-ml-dsa and may be impacted: - pqc-combo =0.1.0 - pqc-fips =0.0.3 - pqc-nostd =0.1.0 Source cves: unknown CVE Source advisory: OSV:GHSA-XRF2-5R3P-5WGJ...
pqc-combo (=0.1.0), pqc-fips (=0.0.3) +1 more potentially affected by unknown CVE via libcrux-ml-dsa (=0.0.4)
libcrux-ml-dsa CARGO version =0.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on libcrux-ml-dsa and may be impacted: - pqc-combo =0.1.0 - pqc-fips =0.0.3 - pqc-nostd =0.1.0 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0076...
libcrux-digest (>=0.0.4 <=0.0.7-rc.1), libcrux-kem (>=0.0.2 <=0.0.2-beta.3) +7 more potentially affected by unknown CVE via libcrux-sha3 (>=0.0.2-beta.3 <=0.0.8-rc.1)
libcrux-sha3 CARGO version =0.0.2-beta.3, =0.0.4, =0.0.2, =0.0.3, =0.0.2-alpha.1, =0.0.2-alpha.3 - libcrux-psq =0.0.2-beta.3 - pqc-combo =0.1.0 - pqc-fips =0.0.3 - pqc-nostd =0.1.0 - wpa-next =0.1.0 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0074...
net-snmp security update
5.9.1-17.0.1.1 - fix error index value when snmpget is used a proxy pass Orabug: 35010262 1:5.9.1-17.1 - fix out of bound access issue RHEL-137510 - enable PQC RHEL-132653...
Assessing and Enhancing Quantum Readiness in Mobile Apps
Quantum computers threaten widely deployed cryptographic primitives such as RSA, DSA, and ECC. While NIST has released post-quantum cryptographic PQC standards e.g., Kyber, Dilithium, mobile app ecosystems remain largely unprepared for this transition. We present a large-scale binary analysis of...