CVE-2026-34610
The CVE affects leancrypto's PQC-focused crypto library. Before 1.7.1, lc_x509_extract_name_segment() truncates size_t vlen to uint8_t for CN length, allowing an attacker to craft a certificate whose CN impersonates the victim’s CN during PKCS#7 verification, certificate chain matching, and code ...