2 matches found
CVE-2026-22696
CVE-2026-22696 concerns the dcap-qvl library used for SGX/TDX quote verification. The issue is a gap in cryptographic verification where QE Identity collateral is fetched from PCCS but the QE Identity signature is not verified against its certificate chain, and QE Report policy checks are not enf...
PT-2026-4820
Name of the Vulnerable Software and Affected Versions dcap-qvl versions prior to 0.3.9 Description The dcap-qvl library contains a flaw in its quote verification logic. The library retrieves QE Identity collateral from the PCCS, but fails to verify the QE Identity signature against its certificat...