296 matches found
CVE-2026-43867
Deserialization of Untrusted Data vulnerability in Apache Camel PQC Component. The camel-pqc component persists post-quantum key metadata KeyMetadata through pluggable KeyLifecycleManager implementations. AwsSecretsManagerKeyLifecycleManager.deserializeMetadata reads that metadata back from the...
CVE-2026-43867
The CVE concerns Apache Camel’s PQC component where AwsSecretsManagerKeyLifecycleManager.deserializeMetadata() Base64-decodes and deserializes persisted KeyMetadata via a raw java.io.ObjectInputStream.readObject() without an ObjectInputFilter or class allow-list. A user who can write to the confi...
PT-2026-55886
☕ Apache Camel critical alert: CVE-2026-43867 hits the camel-pqc component. Post-quantum key metadata deserialized via ObjectInputStream with zero ObjectInputFilter — unauthenticated RCE risk at CVSS 9.8. Check your Camel builds now. AppSec Apache https://t.co/iaMBNrOfI0 https://t.co/mkIJ19Sd5Y...
Accelerating the quantum-safe timeline
The quantum-safe timeline has changed For years, planning for post-quantum cryptography PQC was framed as a future problem: important, inevitable, but distant. That perspective is evolving as technology advances and organizations prepare for the scale and complexity of the transition ahead. At...
PostgresSQL JDBC -- Silent channel-binding authentication downgrade via unsupported certificate algorithms
PostgreSQL project reports: channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without it, losing the man-in-the-middle protection the setting is meant to guarantee. An attacker who can intercept the TLS connection...
CVE-2026-7531 Use-after-free in PQC hybrid key-share handling
Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory...
CVE-2026-7531
Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory...
EUVD-2026-39554
Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory...
CVE-2026-7531
CVE-2026-7531 describes a use-after-free in the handling of PQC hybrid key-shares for TLS 1.3. The issue occurs when a malicious server sends a truncated PQC hybrid KeyShare, which can trigger the error cleanup path to operate on freed memory. Documents consistently label this as an incomplete fi...
CVE-2026-7531
Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory...
PT-2026-52577
Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory...
Post-Quantum Cryptography Is Coming, but Your DNS Might Not Be Ready
Learn why crypto-agility depends not just on adopting the right standards, but on maintaining a clear, unified view of your DNS environment before the migration begins...
The Clock Is Already Ticking: Why Post-Quantum Cryptography Can’t Wait
There is a question I have been hearing more and more from CISOs, compliance officers, and security architects over the past year. It does not start with "we had a breach" or "we failed an audit." It starts with something that sounds almost philosophical: " Are we quantum-safe?" A year ago, that...
CVE-2026-41509
CROSS implementation contains reference and optimized implementations of the CROSS post-quantum signature algorithm. Prior to commit fc6b7e7, there is a buffer overflow in cryptosignopen caused by an underflow of the integer mlen. This issue has been patched via commit fc6b7e7...
Empirical Evaluation of Large Language Models for Migration of Code Fragments to Post-Quantum Cryptography
The transition to post-quantum cryptography PQC requires not only replacing vulnerable cryptographic primitives, but also refactoring the surrounding software logic. While existing PQC migration frameworks provide organizational guidance, practical code-level remediation remains largely manual an...
SUSE CVE-2026-44518
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a signature...
SUSE CVE-2026-46344
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a...
Linux Distros Unpatched Vulnerability : CVE-2026-46344
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has...
CVE-2026-46344
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a...
EUVD-2026-33413
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a...