🚨 CVE-2026-55962
TLS 1.3 post-handshake authentication (PHA) issue where a server could accept a client's Finished message without the client having sent a Certificate and CertificateVerify. The post-handshake-auth exemption that allows an empty/absent peer certificate was only intended for the initial handshake, but it was also being applied while a post-handshake CertificateRequest was still outstanding. The check is now scoped to the initial handshake only: on the server, once a post-handshake CertificateRequest has been sent (certReqCtx is set), a peer certificate and a valid CertificateVerify are required again before the Finished is accepted, with empty-certificate handling following the configured verify mode (FAIL_IF_NO_PEER_CERT) just as during first-handshake client authentication. Only affects TLS 1.3 servers built with post-handshake authentication support (WOLFSSL_POST_HANDSHAKE_AUTH / --enable-postauth, included in --enable-all) that enable WOLFSSL_VERIFY_POST_HANDSHAKE and request a client certificate after the handshake via wolfSSL_request_certificate(). Clients, and servers that do not use post-handshake authentication, are unaffected.
@cveNotify
GitHub
Various fixes by Frauschi · Pull Request #10702 · wolfSSL/wolfssl
Hardening and correctness fixes for certificate, TLS, and crypto paths
A set of defensive fixes across several subsystems, each in its own commit with an accompanying regression test:
PKCS7: stric...
🚨 CVE-2026-6092
When HAVE_ENCRYPT_THEN_MAC is configured, the implementation could fall back to MAC-then-Encrypt rather than enforcing Encrypt-then-MAC.
GitHub
Fix ETM on resumption by embhorn · Pull Request #10167 · wolfSSL/wolfssl
Description
Correctly handle non-resumption path for encrypt-then-mac.
Fixes zd21571
Testing
Added test_tls12_etm_failed_resumption
Checklist
added tests
updated/added doxygen
updated appropria...
🚨 CVE-2026-6325
Out-of-bounds write in SetSuitesHashSigAlgo when processing an oversized signature algorithms list, allowing a write past the bounds of the destination buffer.
GitHub
SetSuitesHashSigAlgo fix by mattia-moffa · Pull Request #10204 · wolfSSL/wolfssl
Description
Fixes zd#21599
Testing
./configure --enable-opensslextra
make && make check
🚨 CVE-2026-6329
PKCS#12 MAC verification uses an attacker-controlled comparison length, weakening the integrity check on the MAC and allowing a mismatched MAC to be accepted. The PKCS#12 verify path compared the locally computed HMAC against the MAC parsed from the PKCS#12 structure using a length taken directly from the attacker-supplied input, without first verifying that it equals the length of the digest actually produced by the configured algorithm. A truncated or zero-length stored MAC could therefore be accepted, defeating the integrity protection of the MAC.
GitHub
Various fixes by mattia-moffa · Pull Request #10192 · wolfSSL/wolfssl
Description
Fixes ZD#21457 (27, 30, 31)
Testing
./configure --enable-pkcs12 && make && make check
./configure --host=aarch64-linux-gnu --enable-armasm --enable-mlkem...
🚨 CVE-2026-6330
The ML-KEM ARM64 NEON ciphertext comparison only compares half of the input, breaking the Fujisaki-Okamoto transform's implicit rejection and weakening IND-CCA2 security on that code path. The constant-time comparison effectively ignored part of the re-encrypted ciphertext, so a decapsulating party could fail to detect a manipulated ciphertext and proceed without the standard's required implicit rejection.
GitHub
Various fixes by mattia-moffa · Pull Request #10192 · wolfSSL/wolfssl
Description
Fixes ZD#21457 (27, 30, 31)
Testing
./configure --enable-pkcs12 && make && make check
./configure --host=aarch64-linux-gnu --enable-armasm --enable-mlkem...
🚨 CVE-2026-6331
HMAC zero-length tag forgery in EVP_DigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility HMAC verify path the supplied signature length was only checked as not exceeding the MAC length, so a zero-length or otherwise truncated tag could pass verification. The fix requires the supplied tag length to exactly equal the MAC length and rejects a zero-length MAC, so a forged short or empty tag is no longer accepted.
GitHub
Various fixes by mattia-moffa · Pull Request #10192 · wolfSSL/wolfssl
Description
Fixes ZD#21457 (27, 30, 31)
Testing
./configure --enable-pkcs12 && make && make check
./configure --host=aarch64-linux-gnu --enable-armasm --enable-mlkem...
🚨 CVE-2026-7511
PKCS7_verify signer confusion allows forged signatures, where the signer associated with a signature is not correctly bound, permitting a forged signature to be accepted.
GitHub
PKCS#7 fixes by Frauschi · Pull Request #10203 · wolfSSL/wolfssl
Fixes for various issues found in PKCS#7 code.
Fixes zd21593, F-2683, F-2684, F-2686, F-1552, F-1990, F-2681, F-2685, F-1991, F-1992, F-2679, F-2680. Also fixes a regression when building with --en...
🚨 CVE-2026-7532
iPAddress name constraints bypass when WOLFSSL_IP_ALT_NAME is not defined. IP address name constraints are not enforced in that configuration, allowing a certificate to bypass an issuing CA's IP address constraints.
GitHub
Fix IPSAN and registeredID handling by embhorn · Pull Request #10354 · wolfSSL/wolfssl
Description
This PR fixes name-constraint enforcement gaps by ensuring iPAddress and registeredID GeneralNames are always parsed/stored.
Fixes zd21725
Testing
Added element to ConfirmNameConstraint...
🚨 CVE-2024-21626
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
🚨 CVE-2025-2586
A flaw was found in the OpenShift Lightspeed Service, which is vulnerable to unauthenticated API request flooding. Repeated queries to non-existent endpoints inflate metrics storage and processing, consuming excessive resources. This issue can lead to monitoring system degradation, increased disk usage, and potential service unavailability. Since the issue does not require authentication, an external attacker can exhaust CPU, RAM, and disk space, impacting both application and cluster stability.
🚨 CVE-2025-3155
A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.
🚨 CVE-2025-32906
A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server.
🚨 CVE-2025-32908
A flaw was found in libsoup. The HTTP/2 server in libsoup may not fully validate the values of pseudo-headers :scheme, :authority, and :path, which may allow a user to cause a denial of service (DoS).
🚨 CVE-2025-32913
A flaw was found in libsoup, where the soup_message_headers_get_content_disposition() function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function.
🚨 CVE-2025-32911
A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server.
🚨 CVE-2025-64307
The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, clearing stations, and deploying storage totes.
🚨 CVE-2025-64308
The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle to Brightpick AI's documentation portal.
🚨 CVE-2025-64309
The affected product discloses device telemetry, configuration, and sensitive information via WebSocket traffic to unauthenticated users when they connect to a specific URL. The unauthenticated URL can be discovered through basic network scanning techniques.
🚨 CVE-2026-7500
When Keycloak is started with `--features-disabled=account,account-api`, the Account REST API is only partially disabled. Five endpoints under the versioned path `/account/v1alpha1` remain fully functional, including both read and write operations, because they lack the `checkAccountApiEnabled()` gate that correctly blocks four other endpoints in the same REST service class. The user needs to have permissions to use the API.
🚨 CVE-2026-8830
A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side processAction() fails to validate that the newly created credential's parameters, such as public key algorithms, match the realm's configured WebAuthn policies. This could lead to the creation of credentials that do not adhere to administrative security requirements, potentially weakening the overall security posture of the system by allowing non-compliant authentication methods.
🚨 CVE-2026-8922
A flaw was found in Keycloak. When both realm-level and client-level `notBefore` revocation policies are configured, Keycloak's OpenID Connect (OIDC) Introspection feature fails to properly honor the realm-level policy. This allows tokens that should have been revoked to remain active, potentially leading to unauthorized access or continued session validity. This could impact the security of systems utilizing Keycloak for identity and access management.