Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/01/28 3:16 a.m.11 views

CVE-2026-22696

dcap-qvl implements the quote verification logic for DCAP Data Center Attestation Primitives. A vulnerability present in versions prior to 0.3.9 involves a critical gap in the cryptographic verification process within the dcap-qvl. The library fetches QE Identity collateral including qeidentity,...

9.3CVSS5.9AI score0.00208EPSS
Exploits0References1
OSV
OSV
added 2026/01/26 9:28 p.m.6 views

CVE-2026-22696 dcap-qvl has Missing Verification for QE Identity

dcap-qvl implements the quote verification logic for DCAP Data Center Attestation Primitives. A vulnerability present in versions prior to 0.3.9 involves a critical gap in the cryptographic verification process within the dcap-qvl. The library fetches QE Identity collateral including qeidentity,...

9.3CVSS5.9AI score0.00208EPSS
Exploits0References3
CVE
CVE
added 2026/01/26 9:28 p.m.15 views

CVE-2026-22696

CVE-2026-22696 concerns the dcap-qvl library used for SGX/TDX quote verification. The issue is a gap in cryptographic verification where QE Identity collateral is fetched from PCCS but the QE Identity signature is not verified against its certificate chain, and QE Report policy checks are not enf...

9.3CVSS5.9AI score0.00208EPSS
Exploits0References1
OSV
OSV
added 2026/01/26 6:55 p.m.4 views

GHSA-796P-J2GH-9M2Q dcap-qvl has Missing Verification for QE Identity

Impact This vulnerability involves a critical gap in the cryptographic verification process within the dcap-qvl. The library fetches QE Identity collateral including qeidentity, qeidentitysignature, and qeidentityissuerchain from the PCCS. However, it skips to verify the QE Identity signature...

9.3CVSS5.9AI score0.00208EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2026/01/26 6:55 p.m.7 views

nearai-cloud-verifier (=0.0.1-alpha.1) potentially affected by CVE-2026-22696 via @phala/dcap-qvl-node (=0.3.3)

@phala/dcap-qvl-node NPM version =0.3.3 is affected by a known vulnerability. The following packages have a transitive dependency on @phala/dcap-qvl-node and may be impacted: - nearai-cloud-verifier =0.0.1-alpha.1 Source cves: CVE-2026-22696 Source advisory: OSV:GHSA-796P-J2GH-9M2Q...

9.3CVSS5.8AI score0.00208EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/01/26 12:0 a.m.4 views

PT-2026-4820

Name of the Vulnerable Software and Affected Versions dcap-qvl versions prior to 0.3.9 Description The dcap-qvl library contains a flaw in its quote verification logic. The library retrieves QE Identity collateral from the PCCS, but fails to verify the QE Identity signature against its certificat...

9.3CVSS5.9AI score0.00208EPSS
Exploits0References12
Rows per page
Query Builder