CVE-2026-32313

xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. Prior to 3.1.5, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover...

CVE-2026-32614

Go ShangMi Commercial Cryptography Library GMSM is a cryptographic library that covers the Chinese commercial cryptographic public algorithms SM2/SM3/SM4/SM9/ZUC. Prior to 0.41.1, the current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause...

CVE-2026-32313

xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. Prior to 3.1.5, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover...

GHSA-R353-4845-PR5P simplesamlphp/xml-security: Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption

Summary XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover the GHASH key, and decrypt the encrypted nodes. It also allows to forge arbitrary ciphertexts...

CVE-2026-32614 Go ShangMi SM9 Infinity-Point Ciphertext Forgery Vulnerability

Go ShangMi Commercial Cryptography Library GMSM is a cryptographic library that covers the Chinese commercial cryptographic public algorithms SM2/SM3/SM4/SM9/ZUC. Prior to 0.41.1, the current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause...

CVE-2026-32614 Go ShangMi SM9 Infinity-Point Ciphertext Forgery Vulnerability

Go ShangMi Commercial Cryptography Library GMSM is a cryptographic library that covers the Chinese commercial cryptographic public algorithms SM2/SM3/SM4/SM9/ZUC. Prior to 0.41.1, the current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause...

xmlseclibs: Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption

Summary XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover the GHASH key, and decrypt the encrypted nodes. It also allows to forge arbitrary ciphertexts...

CVE-2026-32600

xml-security is a library that implements XML signatures and encryption. Prior to 2.3.1, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover the GHASH key,...

GO-2026-4694 SM9 Infinity-Point Ciphertext Forgery Vulnerability in github.com/emmansun/gmsm

SM9 Infinity-Point Ciphertext Forgery Vulnerability in github.com/emmansun/gmsm...

CVE-2026-32313

CVE-2026-32313 affects the PHP library xmlseclibs (XML Encryption/Signatures). Prior to version 3.1.5, nodes encrypted with AES-128/192/256-GCM lack validation of the authentication tag length, enabling an attacker to brute-force the tag, recover the GHASH key, and decrypt encrypted nodes. The vu...

CVE-2026-32313 xmlseclibs is Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption

xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. Prior to 3.1.5, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover...

SM9 Infinity-Point Ciphertext Forgery Vulnerability

Overview The current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause is that, during decryption, the elliptic-curve point C1 in the ciphertext is only deserialized and checked to be on the curve, but the implementation does not explicitly...

GHSA-5XXP-2VRJ-X855 SM9 Infinity-Point Ciphertext Forgery Vulnerability

Overview The current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause is that, during decryption, the elliptic-curve point C1 in the ciphertext is only deserialized and checked to be on the curve, but the implementation does not explicitly...

EUVD-2026-12101

SM9 Infinity-Point Ciphertext Forgery Vulnerability...

PT-2026-25372

Summary XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover the GHASH key, and decrypt the encrypted nodes. It also allows to forge arbitrary ciphertexts...

Security issues in AWS KMS and AWS Encryption SDKs: in-band protocol negotiation and robustness

Authors: Thai "thaidn" Duong Summary The following security vulnerabilities was discovered and reported to Amazon, affecting AWS KMS and all versions of AWS Encryption SDKs prior to version 2.0.0: Information leakage: an attacker can create ciphertexts that would leak the user’s AWS account ID,...

GHSA-WQGP-VPHW-HPHF Security issues in AWS KMS and AWS Encryption SDKs: in-band protocol negotiation and robustness

Authors: Thai "thaidn" Duong Summary The following security vulnerabilities was discovered and reported to Amazon, affecting AWS KMS and all versions of AWS Encryption SDKs prior to version 2.0.0: Information leakage: an attacker can create ciphertexts that would leak the user’s AWS account ID,...

Google Tink Data Forgery Issue Vulnerability

Tink is the United States Google Google a multi-language cross-platform to provide encryption API of a development library. A security vulnerability exists in versions of Tink prior to 1.5, which stems from incorrect handling of invalid unicode characters and can be exploited by an attacker to...