JLSEC-2026-565 In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the...

In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys...

UBUNTU-CVE-2026-39829

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...

libjwt 加密问题漏洞

LibJWT is a C-language library developed by Ben Collins, designed for generating and verifying JSON Web Tokens. Versions 3.0.0 to 3.3.2 of LibJWT contain vulnerabilities related to encryption. These vulnerabilities arise from accepting RSA JWKs without an alg parameter as the verification key for...

CVE-2026-44167

phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files eg. X509 certificates, RSA PKCS8 private or public keys, etc. This is a bypass of CVE-2024-27355. This vulnerability is fixed in 1.0.29, 2.0.54, and 3.0.52...

CVE-2026-42576

apko allows users to build and publish OCI container images built from apk packages. Prior to version 1.2.7, DiscoverKeys in pkg/apk/apk/implementation.go unconditionally type-asserts JWKS keys as rsa.PublicKey without checking the key type. If a repository JWKS endpoint returns a non-RSA key e.g...

EUVD-2026-28934

apko allows users to build and publish OCI container images built from apk packages. Prior to version 1.2.7, DiscoverKeys in pkg/apk/apk/implementation.go unconditionally type-asserts JWKS keys as rsa.PublicKey without checking the key type. If a repository JWKS endpoint returns a non-RSA key e.g...

apko 代码问题漏洞

Apko is an open-source OCI image builder based on APK. Versions of Apko prior to 1.2.7 had code vulnerabilities. These vulnerabilities stemmed from DiscoverKeys’ unconditional assertion of JWKS key types as rsa.PublicKey without checking the key type. This could lead to panic and crashes due to...

GHSA-2F25-PFQ3-C7H8 Phpseclib needs guardrails on large binaryfield integers

Impact Anyone loading untrusted ASN1 files eg. X509 certificates, RSA PKCS8 private or public keys, etc Patches https://github.com/phpseclib/phpseclib/commit/964d78101a70305df33f442f5490f0adb3b7e77f Workarounds No. References...

phpseclib guardrails needed on OID length

Impact Any application using that loads untrusted ASN1 files eg. X509 certificates, RSA PKCS8 private or public keys, etc. Patches https://github.com/phpseclib/phpseclib/commit/e32531001b4d62c66c3d824ccef54ffad835eb59 Workarounds No. Resources...

CVE-2026-44405

Paramiko up to 4.0.0 (before commit a4489456b6f65281e172380cc4826cee5e851dbb) permits SHA-1 in rsakey.py. Affected: Paramiko’s RSA key handling. Root cause: use of SHA-1 algorithm. Impact: low (Confidentiality: None, Integrity: Low). Remediation: apply the patch introduced in the a448945 commit (...

phpseclib has a CVE-2024-27355 mitigation bypass — OID amplification DoS in ASN1::decodeOID()

Impact Anyone loading untrusted ASN1 files eg. X509 certificates, RSA PKCS8 private or public keys, etc Patches https://github.com/phpseclib/phpseclib/commit/d53d2021bcb9f6a04d5d44ec99e6bbef219a71bc Workarounds No. References...

Incorrect Type Conversion or Cast

Overview Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast in the DiscoverKeys process. An attacker can cause the application to crash by providing a non-RSA key such as an EC key from a repository JWKS endpoint, which triggers a panic due to an unchecked type...

PT-2026-37053

Name of the Vulnerable Software and Affected Versions apko versions prior to 1.2.7 Description The DiscoverKeys function in pkg/apk/apk/implementation.go performs an unconditional type-assertion of JWKS JSON Web Key Set keys as rsa.PublicKey without verifying the key type. If a repository JWKS...

Astra Linux - уязвимость в mbedtls

Use of a Broken or Risky Cryptographic Algorithm in the function mbedtlsmpiexpmod in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information typically an untrusted operating system attacking a...

Astra Linux - уязвимость в mbedtls

In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability exists in the decoding of Base64 PEM files. This vulnerability allows system-level administrator attackers to obtain information about secret RSA keys through a controlled-channel and side-channel attack on software running in...

JLSEC-2026-246 Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact...

Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVPPKEYpubliccheck to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an untrusted source this may...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006674)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006674 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: qat - fix memory leak in RSA When an RSA key represented in form 2 as defined in PKCS 1...

WWBN AVideo 加密问题漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained vulnerabilities related to encryption. These vulnerabilities stemmed from the use of weak RSA keys and the lack of authentication at the endpoint, which could lead...

Amazon Linux 2023 : gnupg2, gnupg2-minimal, gnupg2-smime (ALAS2023-2026-1427)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1427 advisory. In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys. CVE-2026-24882 Tenable has extracted the preceding...

openSUSE 16 Security Update : openCryptoki (openSUSE-SU-2026:20233-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20233-1 advisory. Upgrade openCryptoki to 3.26 jscPED-14609 Security fixes: - CVE-2026-22791: supplying malformed compressed EC public key can lead to heap...