CVE-2026-41005 UAA accepts SAML Encrypted Assertions authentication bypass

Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider confidentiality as a substitute for XML signatures from the Identity Provider authenticity in two SAML flows: the OAuth 2.0 SAML2 bearer grant token endpoint and browser SSO ACS when wantAssertionSigned is set to false...

netty-incubator-codec-ohttp's HPKEContext operations may produce empty byte[] on failures

HKDFexpand: returns non-NULL on failure. The byte is filled with zeros and has no way to distinguish success from failure. Since this output is used as HKDF key material for the response AEAD, a failure silently produces an all-zero key. When EVPHPKECTXexport fails it also returns an empty byte...

GHSA-F659-372H-6X3X netty-incubator-codec-ohttp's HPKEContext operations may produce empty byte[] on failures

HKDFexpand: returns non-NULL on failure. The byte is filled with zeros and has no way to distinguish success from failure. Since this output is used as HKDF key material for the response AEAD, a failure silently produces an all-zero key. When EVPHPKECTXexport fails it also returns an empty byte...

CLSA-2026-1778072039 openssl: Fix of CVE-2026-31790

CVE-2026-31790: fix RSA KEM RSASVE encapsulation memory leak by validating RSApublicencrypt return value and cleansing secret on failure...

Swift Crypto: X-Wing HPKE Decapsulation Accepts Malformed Ciphertext Length

The X-Wing decapsulation path accepts attacker-controlled encapsulated ciphertext bytes without enforcing the required fixed ciphertext length. The decapsulation call is forwarded into a C API, which expects a compile-time fixed-size ciphertext buffer of 1120 bytes. This creates an FFI...

CVE-2026-3849

CVE-2026-3849 describes a stack buffer overflow in wolfSSL 5.8.4’s ECH (Encrypted Client Hello) support, specifically in wc_HpkeLabeledExtract triggered by an oversized ECH config. The issue could allow remote execution or a client crash when a malicious TLS server sends a crafted ECH config. ECH...

PT-2026-26349

Stack Buffer Overflow in wc HpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in wolfSSL 5.8.4 ECH Encrypted Client Hello support, where a maliciously crafted ECH config could cause a stack buffer overflow on the client side, leading to potential remote execution and client...

Nonce Reuse in HPKE Context

The sequence number that is used to compute the AEAD nonce when using a re-usable HPKE context is incremented after each seal or open operation. This sequence number was stored as a u32 and used regular addition on u32 for the increment, meaning in release mode it would silently wrap around to 0...

On the Impossibility of Simulation Security for Quantum Functional Encryption

Functional encryption is a powerful cryptographic primitive that enables fine-grained access to encrypted data and underlies numerous applications. Although the ideal security notion for FE simulation security has been shown to be impossible in the classical setting, those impossibility results...

RustCrypto Has Insufficient Length Validation in decrypt() in SM2-PKE

Summary A denial-of-service vulnerability exists in the SM2 public-key encryption PKE implementation: the decrypt path performs unchecked slice::splitat operations on input buffers derived from untrusted ciphertext. An attacker can submit short/undersized ciphertext or carefully-crafted DER-encod...

Jervis 加密问题漏洞

Jervis is an automation tool from the personal developer Sam Gleske. A vulnerability in cryptographic issues exists in versions prior to Jervis 2.2, which stems from the use of PKCS1Encoding encryption that is vulnerable to the Bleichenbacher padding prediction attack...

CVE-2026-22700 RustCrypto Has Insufficient Length Validation in decrypt() in SM2-PKE

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography ECC support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability...

EUVD-2026-1876

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography ECC support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a critical vulnerability exists in...

CVE-2026-22698

CVE-2026-22698 affects the RustCrypto Elliptic Curves library (SM2 PKE) in versions 0.14.0-pre.0 through 0.14.0-rc.0. The root cause is a unit-mismatch in the nonce generation path: the code computes the nonce length as a 32-bit value but feeds it as a bit-length to the RNG, producing a 32-bit en...

CVE-2026-22698 RustCrypto SM2-PKE has 32-bit Biased Nonce Vulnerability

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography ECC support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a critical vulnerability exists in...

CVE-2026-22698 RustCrypto SM2-PKE has 32-bit Biased Nonce Vulnerability

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography ECC support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a critical vulnerability exists in...

GHSA-W3G8-FP6J-WVQW SM2-PKE has 32-bit Biased Nonce Vulnerability

Summary A critical vulnerability exists in the SM2 Public Key Encryption PKE implementation where the ephemeral nonce k is generated with severely reduced entropy. A unit mismatch error causes the nonce generation function to request only 32 bits of randomness instead of the expected 256 bits. Th...

SM2-PKE has 32-bit Biased Nonce Vulnerability

Summary A critical vulnerability exists in the SM2 Public Key Encryption PKE implementation where the ephemeral nonce k is generated with severely reduced entropy. A unit mismatch error causes the nonce generation function to request only 32 bits of randomness instead of the expected 256 bits. Th...

PT-2026-2248

Name of the Vulnerable Software and Affected Versions RustCrypto versions 0.14.0-pre.0 through 0.14.0-rc.0 Description The Elliptic Curves library within RustCrypto, a general-purpose Elliptic Curve Cryptography ECC implementation, contains a flaw in its SM2 Public Key Encryption PKE...

CVE-2025-53627 Meshtastic firmware allows forged DMs with no PKC to show up as encrypted

Meshtastic is an open source mesh networking solution. The Meshtastic firmware starting from version 2.5 introduces asymmetric encryption PKI for direct messages, but when the pkiencrypted flag is missing, the firmware silently falls back to legacy AES-256-CTR channel encryption. This was an...