π¨ CVE-2026-10097
ML-KEM-1024 x64 AVX2 implicit rejection failure in the Fujisaki-Okamoto transform breaks IND-CCA2 security, allowing decapsulation to deviate from the implicit-rejection behavior required by the standard. The AVX2 constant-time ciphertext comparison used during decapsulation never compared the final 32-byte block of the 1568-byte ML-KEM-1024 ciphertext, so a ciphertext manipulated only in those final bytes would compare as equal and decapsulation returned the real shared secret instead of performing the required implicit rejection.
π@cveNotify
ML-KEM-1024 x64 AVX2 implicit rejection failure in the Fujisaki-Okamoto transform breaks IND-CCA2 security, allowing decapsulation to deviate from the implicit-rejection behavior required by the standard. The AVX2 constant-time ciphertext comparison used during decapsulation never compared the final 32-byte block of the 1568-byte ML-KEM-1024 ciphertext, so a ciphertext manipulated only in those final bytes would compare as equal and decapsulation returned the real shared secret instead of performing the required implicit rejection.
π@cveNotify
GitHub
ML-KEM: fix AVX2 assembly by SparkiDev Β· Pull Request #10430 Β· wolfSSL/wolfssl
Description
AVX2 not decompressing 5-bit values correctly.
AVX2 not comparing last 32 bytes of ciphertext.
Protect mlkemkey_get_k to only be compiled when make key is compiled in.
Fixes zd#21471
Te...
AVX2 not decompressing 5-bit values correctly.
AVX2 not comparing last 32 bytes of ciphertext.
Protect mlkemkey_get_k to only be compiled when make key is compiled in.
Fixes zd#21471
Te...
π¨ CVE-2026-10512
The X25519 x86_64 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully reduced modulo the field prime 2^255 - 19. This can leave the field element in a non-canonical form, producing an incorrect result from the scalar multiplication and potentially a wrong shared secret. The final carry-propagation chains in the x64 and AVX2 reduction routines could overflow into the top bit, and the high limb was not masked afterward, so the 255-bit field element was left non-canonical.
π@cveNotify
The X25519 x86_64 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully reduced modulo the field prime 2^255 - 19. This can leave the field element in a non-canonical form, producing an incorrect result from the scalar multiplication and potentially a wrong shared secret. The final carry-propagation chains in the x64 and AVX2 reduction routines could overflow into the top bit, and the high limb was not masked afterward, so the 255-bit field element was left non-canonical.
π@cveNotify
GitHub
X25519 x64 ASM: fix full reduction by SparkiDev Β· Pull Request #10536 Β· wolfSSL/wolfssl
Description
The last add was overflowing into the top bit.
Must mask the last word to clear top bit.
Add test vectors from Wycheproof.
Fixes zd#21864
Testing
Added KATs to test_curve25519.c
Tests n...
The last add was overflowing into the top bit.
Must mask the last word to clear top bit.
Add test vectors from Wycheproof.
Fixes zd#21864
Testing
Added KATs to test_curve25519.c
Tests n...
π¨ CVE-2026-10592
Certificates with wildcard DNS SANs (e.g. *.example.com) bypassed CA name-constraint checks. A certificate with a wildcard DNS SAN that should be rejected by the issuing CA's permitted/excluded DNS name constraints could be accepted.
π@cveNotify
Certificates with wildcard DNS SANs (e.g. *.example.com) bypassed CA name-constraint checks. A certificate with a wildcard DNS SAN that should be rejected by the issuing CA's permitted/excluded DNS name constraints could be accepted.
π@cveNotify
GitHub
NameConstraints: support wildcard SAN by rizlik Β· Pull Request #10549 Β· wolfSSL/wolfssl
Description
Proper NameConstraint checking in case of wildcard in the SAN DNS types
Proper NameConstraint checking in case of wildcard in the SAN DNS types
π¨ CVE-2026-11310
X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier (wolfSSL_X509_verify_cert()). This affects only builds with --enable-opensslextra (OPENSSL_EXTRA) and whose application validates certificates by calling X509_verify_cert() with caller-supplied untrusted intermediate certificates; for those users it is critical, otherwise the library is unaffected. In particular, native wolfSSL TLS/DTLS usage is not impacted. wolfSSL's X509_verify_cert() temporarily loads each caller-supplied untrusted intermediate into the certificate manager but failed to drop them before the trusted-store check, so an untrusted intermediate could anchor the path itself. An attacker can present a chain that never reaches a configured trust anchor and have it accepted, resulting in acceptance of an attacker-controlled certificate. This is certificate verification independent of TLS (e.g. S/MIME/CMS, code/firmware signing, JWT/JWS x5c), is not specific to any key type or algorithm, and a single untrusted intermediate suffices. The default wolfSSL TLS handshake (WOLFSSL_VERIFY_PEER) is not affected; only TLS applications doing manual or deferred peer verification through this API are, which also requires --enable-sessioncerts.
π@cveNotify
X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier (wolfSSL_X509_verify_cert()). This affects only builds with --enable-opensslextra (OPENSSL_EXTRA) and whose application validates certificates by calling X509_verify_cert() with caller-supplied untrusted intermediate certificates; for those users it is critical, otherwise the library is unaffected. In particular, native wolfSSL TLS/DTLS usage is not impacted. wolfSSL's X509_verify_cert() temporarily loads each caller-supplied untrusted intermediate into the certificate manager but failed to drop them before the trusted-store check, so an untrusted intermediate could anchor the path itself. An attacker can present a chain that never reaches a configured trust anchor and have it accepted, resulting in acceptance of an attacker-controlled certificate. This is certificate verification independent of TLS (e.g. S/MIME/CMS, code/firmware signing, JWT/JWS x5c), is not specific to any key type or algorithm, and a single untrusted intermediate suffices. The default wolfSSL TLS handshake (WOLFSSL_VERIFY_PEER) is not affected; only TLS applications doing manual or deferred peer verification through this API are, which also requires --enable-sessioncerts.
π@cveNotify
GitHub
Fixes for OpenSSL compatibility layer by Frauschi Β· Pull Request #10674 Β· wolfSSL/wolfssl
Various fixes and hardening for the OpenSSL compatibility layer. Adds regression tests as well.
Fixes zd21920.
Fixes zd21920.
π¨ CVE-2026-12340
Out-of-bounds heap read during SM2/SM3 certificate signature verification. When parsing a certificate with an SM3wSM2 signature, the Subject Key Identifier computation reads the trailing 65 bytes of the public key without checking that the key is at least that long. A public key shorter than 65 bytes results in an out-of-bounds heap read, leading to a potential crash (denial of service); there is no out-of-bounds write. Note this only affects builds with SM2 support (--enable-sm2 or --enable-all).
π@cveNotify
Out-of-bounds heap read during SM2/SM3 certificate signature verification. When parsing a certificate with an SM3wSM2 signature, the Subject Key Identifier computation reads the trailing 65 bytes of the public key without checking that the key is at least that long. A public key shorter than 65 bytes results in an out-of-bounds heap read, leading to a potential crash (denial of service); there is no out-of-bounds write. Note this only affects builds with SM2 support (--enable-sm2 or --enable-all).
π@cveNotify
GitHub
Fixes for SM2/3 and FindMultiAttrib by rlm2002 Β· Pull Request #10641 Β· wolfSSL/wolfssl
Description
Prevent potential heap-buffer-overflow (out of bounds read) when SM2/SM3 is enabled. Reject a certificate with an SM3wSM2 signatureAlgorithm and a public key shorter than 65 bytes, (cer...
Prevent potential heap-buffer-overflow (out of bounds read) when SM2/SM3 is enabled. Reject a certificate with an SM3wSM2 signatureAlgorithm and a public key shorter than 65 bytes, (cer...
π¨ CVE-2026-2299
The Mattermost Google Drive plugin before version 1.1.0 fails to validate channel membership in the file creation endpoint, allowing authenticated users with a connected Google account to share Google Drive files to unauthorized private channels and disclose private channel membership.
π@cveNotify
The Mattermost Google Drive plugin before version 1.1.0 fails to validate channel membership in the file creation endpoint, allowing authenticated users with a connected Google account to share Google Drive files to unauthorized private channels and disclose private channel membership.
π@cveNotify
GitHub
Release v1.1.0 Β· mattermost/mattermost-plugin-google-drive
Supported Mattermost Server Versions: 6.2.1+
Enhancements
Fixes
c8e4c79 Auto generate version based on git info (#55)
8cbbb61 Delete .github/workflows/cd.yml (#54)
2fe647c Mark confidential settin...
Enhancements
Fixes
c8e4c79 Auto generate version based on git info (#55)
8cbbb61 Delete .github/workflows/cd.yml (#54)
2fe647c Mark confidential settin...
π¨ CVE-2026-55958
Out-of-bounds write in the Renesas TSIP TLS 1.3 transcript buffer. In tsip_StoreMessage() the capacity check guarding the fixed message bag (MSGBAG_SIZE) sets an error code but fails to return, so execution falls through to an XMEMCPY that writes past the end of the buffer once the accumulated TLS 1.3 handshake transcript exceeds MSGBAG_SIZE (8 KB), corrupting adjacent heap state and potentially causing a remote denial of service crash. The bag is sized to hold a normal handshake, so this is reached only by an unusually large but valid certificate chain, or by a malicious or man-in-the-middle server sending an oversized handshake message to a client that does not strictly verify the chain. This only affects builds using the Renesas TSIP TLS port (WOLFSSL_RENESAS_TSIP_TLS) as a TLS 1.3 client on Renesas MCUs with TSIP hardware enabled, and is rated High within those builds. All other configurations are unaffected.
π@cveNotify
Out-of-bounds write in the Renesas TSIP TLS 1.3 transcript buffer. In tsip_StoreMessage() the capacity check guarding the fixed message bag (MSGBAG_SIZE) sets an error code but fails to return, so execution falls through to an XMEMCPY that writes past the end of the buffer once the accumulated TLS 1.3 handshake transcript exceeds MSGBAG_SIZE (8 KB), corrupting adjacent heap state and potentially causing a remote denial of service crash. The bag is sized to hold a normal handshake, so this is reached only by an unusually large but valid certificate chain, or by a malicious or man-in-the-middle server sending an oversized handshake message to a client that does not strictly verify the chain. This only affects builds using the Renesas TSIP TLS port (WOLFSSL_RENESAS_TSIP_TLS) as a TLS 1.3 client on Renesas MCUs with TSIP hardware enabled, and is rated High within those builds. All other configurations are unaffected.
π@cveNotify
GitHub
Renesas TSIP: skip XMEMCPY on MEMORY_E from tsip_StoreMessage() by cconlon Β· Pull Request #10705 Β· wolfSSL/wolfssl
Description
This PR fixes the Renesas TSIP port's tsip_StoreMessage() to skip calling XMEMCPY when buffer sanity checks have failed.
Fixes item 9 from ZD 21992.
Checklist
added tests
upd...
This PR fixes the Renesas TSIP port's tsip_StoreMessage() to skip calling XMEMCPY when buffer sanity checks have failed.
Fixes item 9 from ZD 21992.
Checklist
added tests
upd...
π¨ CVE-2026-55960
Un-negotiated Raw Public Key (RFC 7250) accepted in place of an X.509 certificate, bypassing chain validation. A raw public key has no chain, so ParseCertRelative() accepts it without performing any trust verification; it must therefore only be accepted when RPK was actually negotiated for that peer. The check now defaults the expected type to X.509 (per RFC 7250/8446) when no type was negotiated, comparing against the received server certificate type on the client and the selected client certificate type on the server, and rejects any mismatch, including an un-negotiated raw public key, with UNSUPPORTED_CERTIFICATE. Only affects builds with Raw Public Key support (HAVE_RPK) enabled - disabled by default in a standalone build, but included in --enable-all.
π@cveNotify
Un-negotiated Raw Public Key (RFC 7250) accepted in place of an X.509 certificate, bypassing chain validation. A raw public key has no chain, so ParseCertRelative() accepts it without performing any trust verification; it must therefore only be accepted when RPK was actually negotiated for that peer. The check now defaults the expected type to X.509 (per RFC 7250/8446) when no type was negotiated, comparing against the received server certificate type on the client and the selected client certificate type on the server, and rejects any mismatch, including an un-negotiated raw public key, with UNSUPPORTED_CERTIFICATE. Only affects builds with Raw Public Key support (HAVE_RPK) enabled - disabled by default in a standalone build, but included in --enable-all.
π@cveNotify
GitHub
Various fixes by Frauschi Β· Pull Request #10702 Β· wolfSSL/wolfssl
Hardening and correctness fixes for certificate, TLS, and crypto paths
A set of defensive fixes across several subsystems, each in its own commit with an accompanying regression test:
PKCS7: stric...
A set of defensive fixes across several subsystems, each in its own commit with an accompanying regression test:
PKCS7: stric...
π¨ CVE-2026-55964
Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have the keyCertSign key usage when a Key Usage extension is present, but chain-supplied temporary CAs (WOLFSSL_TEMP_CA) added while building a certificate path were previously exempted from this check, so an intermediate asserting CA:TRUE but lacking keyCertSign was accepted as a signing CA. The check now applies to chain-supplied temporary CAs as well; only operator-loaded root certificates (WOLFSSL_USER_CA) and self-signed roots remain exempt. Per RFC 5280 an absent Key Usage extension implies all usages, so the requirement is enforced only when the extension is actually present (extKeyUsageSet). Affects the OpenSSL-compatibility certificate-path-building path (X509_verify_cert / X509_STORE, OPENSSL_EXTRA/OPENSSL_ALL), where untrusted chain intermediates are added as temporary CAs; native (non-OpenSSL-compat) certificate verification does not create temporary CAs and is unaffected. Within those builds, the check applies unless ALLOW_INVALID_CERTSIGN is defined.
π@cveNotify
Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have the keyCertSign key usage when a Key Usage extension is present, but chain-supplied temporary CAs (WOLFSSL_TEMP_CA) added while building a certificate path were previously exempted from this check, so an intermediate asserting CA:TRUE but lacking keyCertSign was accepted as a signing CA. The check now applies to chain-supplied temporary CAs as well; only operator-loaded root certificates (WOLFSSL_USER_CA) and self-signed roots remain exempt. Per RFC 5280 an absent Key Usage extension implies all usages, so the requirement is enforced only when the extension is actually present (extKeyUsageSet). Affects the OpenSSL-compatibility certificate-path-building path (X509_verify_cert / X509_STORE, OPENSSL_EXTRA/OPENSSL_ALL), where untrusted chain intermediates are added as temporary CAs; native (non-OpenSSL-compat) certificate verification does not create temporary CAs and is unaffected. Within those builds, the check applies unless ALLOW_INVALID_CERTSIGN is defined.
π@cveNotify
GitHub
Various fixes by Frauschi Β· Pull Request #10702 Β· wolfSSL/wolfssl
Hardening and correctness fixes for certificate, TLS, and crypto paths
A set of defensive fixes across several subsystems, each in its own commit with an accompanying regression test:
PKCS7: stric...
A set of defensive fixes across several subsystems, each in its own commit with an accompanying regression test:
PKCS7: stric...
π¨ CVE-2026-57521
Bitwarden Server before 2026.5.0 contains a broken access control vulnerability that allows any authenticated user to access arbitrary organization billing data by supplying an arbitrary organizationId to the PreviewInvoiceController endpoints without membership or authorization checks. Attackers can exploit the missing ManageOrganizationBillingRequirement on the preview invoice endpoints to retrieve Stripe-computed tax totals, subscription status, and billing details derived from any target organization's real customer and subscription data.
π@cveNotify
Bitwarden Server before 2026.5.0 contains a broken access control vulnerability that allows any authenticated user to access arbitrary organization billing data by supplying an arbitrary organizationId to the PreviewInvoiceController endpoints without membership or authorization checks. Attackers can exploit the missing ManageOrganizationBillingRequirement on the preview invoice endpoints to retrieve Stripe-computed tax totals, subscription status, and billing details derived from any target organization's real customer and subscription data.
π@cveNotify
GitHub
[PM-34848] Add authorization to PreviewInvoiceController org endpoint⦠· bitwarden/server@0a3d9f9
β¦s (#7583)
* [PM-34848] Add authorization to PreviewInvoiceController org-scoped endpoints
* [PM-34848] Apply dotnet format
* [PM-34848] Add authorization to PreviewInvoiceController org-scoped endpoints
* [PM-34848] Apply dotnet format
π¨ CVE-2026-57522
Bitwarden Server before 2026.5.0 contains a JSON injection vulnerability in IntegrationTemplateProcessor.ReplaceTokens(), which substitutes user-controlled values into event-integration templates without JSON encoding. When an organization has configured an event integration whose template references a user-controlled token (such as #ActingUserName# or #UserName#, populated from a member's display name), an authenticated member can set their display name to JSON metacharacters and inject arbitrary key-value pairs into the rendered payloads delivered to webhook, SIEM, Slack, Teams, or Datadog endpoints, making injected fields indistinguishable from legitimate template output.
π@cveNotify
Bitwarden Server before 2026.5.0 contains a JSON injection vulnerability in IntegrationTemplateProcessor.ReplaceTokens(), which substitutes user-controlled values into event-integration templates without JSON encoding. When an organization has configured an event integration whose template references a user-controlled token (such as #ActingUserName# or #UserName#, populated from a member's display name), an authenticated member can set their display name to JSON metacharacters and inject arbitrary key-value pairs into the rendered payloads delivered to webhook, SIEM, Slack, Teams, or Datadog endpoints, making injected fields indistinguishable from legitimate template output.
π@cveNotify
GitHub
PM-34680 serialize values to prevent injection (#7593) Β· bitwarden/server@a26afd1
Bitwarden infrastructure/backend (API, database, Docker, etc). - PM-34680 serialize values to prevent injection (#7593) Β· bitwarden/server@a26afd1
π¨ CVE-2026-7531
Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 (released in 5.9.1): a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory.
π@cveNotify
Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 (released in 5.9.1): a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory.
π@cveNotify
GitHub
Hardening in TLSX_KeyShare_ProcessPqcHybridClient by embhorn Β· Pull Request #10327 Β· wolfSSL/wolfssl
Description
Set pointer to NULL to prevent double free with a malformed ECDH key.
Fixes zd21704
Testing
Added test_tls13_pqc_hybrid_malformed_ecdh
Checklist
added tests
updated/added doxygen
up...
Set pointer to NULL to prevent double free with a malformed ECDH key.
Fixes zd21704
Testing
Added test_tls13_pqc_hybrid_malformed_ecdh
Checklist
added tests
updated/added doxygen
up...
π¨ CVE-2026-38640
A reachable unwrap in the __assert_fail function (/assert/mod.rs) of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via a crafted string.
π@cveNotify
A reachable unwrap in the __assert_fail function (/assert/mod.rs) of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via a crafted string.
π@cveNotify
GitHub
pocs/redox/CVE-2026-38640 at master Β· Marsman1996/pocs
to show pocs found. Contribute to Marsman1996/pocs development by creating an account on GitHub.
π¨ CVE-2026-56445
The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM datasets directly in os.path.join() without sanitization, allowing file writes to arbitrary paths.
π@cveNotify
The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM datasets directly in os.path.join() without sanitization, allowing file writes to arbitrary paths.
π@cveNotify
π¨ CVE-2026-6412
Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing.
π@cveNotify
Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing.
π@cveNotify
GitHub
Report cert verify failure with MD5 by embhorn Β· Pull Request #10222 Β· wolfSSL/wolfssl
Description
Added a verify-mode guard to the CTC_MD5wRSA case in HashForSignature(), mirroring the existing MD2 sign/verify precedent. MD5-signed certificates now return HASH_TYPE_E during chain ve...
Added a verify-mode guard to the CTC_MD5wRSA case in HashForSignature(), mirroring the existing MD2 sign/verify precedent. MD5-signed certificates now return HASH_TYPE_E during chain ve...
π¨ CVE-2026-6450
A CRL critical extension bypass exists in ParseCRL_Extensions where critical extensions are not properly enforced, allowing a crafted CRL with an unhandled critical extension to be accepted. This only affects builds with CRL support enabled and where a crafted CRL had a trusted signature when parsed.
π@cveNotify
A CRL critical extension bypass exists in ParseCRL_Extensions where critical extensions are not properly enforced, allowing a crafted CRL with an unhandled critical extension to be accepted. This only affects builds with CRL support enabled and where a crafted CRL had a trusted signature when parsed.
π@cveNotify
GitHub
reject crls with unrecognized critical extensions by gasbytes Β· Pull Request #10239 Β· wolfSSL/wolfssl
Description
reject crls with unrecognized critical extensions per rfc 5280 section 5.2
Fixes zd#21634
Testing
make -j8 && make check (changes includes two tests covering the appropr...
reject crls with unrecognized critical extensions per rfc 5280 section 5.2
Fixes zd#21634
Testing
make -j8 && make check (changes includes two tests covering the appropr...
π¨ CVE-2026-6678
Integer underflow in wc_PKCS7_DecryptOri when handling crafted Other Recipient Info, leading to incorrect length handling during decryption.
π@cveNotify
Integer underflow in wc_PKCS7_DecryptOri when handling crafted Other Recipient Info, leading to incorrect length handling during decryption.
π@cveNotify
GitHub
PKCS#7 fixes by Frauschi Β· Pull Request #10203 Β· wolfSSL/wolfssl
Fixes for various issues found in PKCS#7 code.
Fixes zd21593, F-2683, F-2684, F-2686, F-1552, F-1990, F-2681, F-2685, F-1991, F-1992, F-2679, F-2680. Also fixes a regression when building with --en...
Fixes zd21593, F-2683, F-2684, F-2686, F-1552, F-1990, F-2681, F-2685, F-1991, F-1992, F-2679, F-2680. Also fixes a regression when building with --en...
π¨ CVE-2026-6679
A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The buffer overflow was due to an integer truncation when computing the length of the ACK record-number list, causing an undersized buffer to be allocated and then overrun. This affects builds using DTLS 1.3 and wolfSSL version 5.9.0 and earlier. A fix was added to the 5.9.1 release.
π@cveNotify
A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The buffer overflow was due to an integer truncation when computing the length of the ACK record-number list, causing an undersized buffer to be allocated and then overrun. This affects builds using DTLS 1.3 and wolfSSL version 5.9.0 and earlier. A fix was added to the 5.9.1 release.
π@cveNotify
GitHub
Additional fixes by Frauschi Β· Pull Request #10116 Β· wolfSSL/wolfssl
zd21457
π¨ CVE-2026-6681
The PKCS#7 decode path ignores the caller-supplied output buffer size (outputSz), allowing decoded content to be written past the bounds of the provided buffer. This affects wolfSSL 5.9.0 and earlier and was fixed in the 5.9.1 release.
π@cveNotify
The PKCS#7 decode path ignores the caller-supplied output buffer size (outputSz), allowing decoded content to be written past the bounds of the provided buffer. This affects wolfSSL 5.9.0 and earlier and was fixed in the 5.9.1 release.
π@cveNotify
GitHub
Additional fixes by Frauschi Β· Pull Request #10116 Β· wolfSSL/wolfssl
zd21457
π¨ CVE-2026-6731
X.509 name constraint bypass via the Subject Common Name when treated as a DNS-type name. A certificate whose Subject CN violates an issuing CA's DNS name constraints could be accepted.
π@cveNotify
X.509 name constraint bypass via the Subject Common Name when treated as a DNS-type name. A certificate whose Subject CN violates an issuing CA's DNS name constraints could be accepted.
π@cveNotify
GitHub
CN constraints fix by rlm2002 Β· Pull Request #10223 Β· wolfSSL/wolfssl
Description
Applies DNS name constraints to Subject CN when SAN is unavailable.
Fixes zd#21611
Checklist
added tests
updated/added doxygen
updated appropriate READMEs
Updated manual and docume...
Applies DNS name constraints to Subject CN when SAN is unavailable.
Fixes zd#21611
Checklist
added tests
updated/added doxygen
updated appropriate READMEs
Updated manual and docume...
π¨ CVE-2025-71327
Flowise contains an authentication bypass vulnerability in the unprotected /api/v1/account/register endpoint that allows unauthenticated attackers to create user accounts. Remote attackers can exploit this endpoint to register arbitrary accounts and authenticate to the system, gaining full API access without credentials.
π@cveNotify
Flowise contains an authentication bypass vulnerability in the unprotected /api/v1/account/register endpoint that allows unauthenticated attackers to create user accounts. Remote attackers can exploit this endpoint to register arbitrary accounts and authenticate to the system, gaining full API access without credentials.
π@cveNotify
GitHub
Authentication Bypass Using Unprotected Registration Endpoint (/register)
### Summary
An unauthenticated attacker can exploit the unprotected registration endpoint (/register) to create a new user and bypass authentication .
### Details
Critical vulnerability in Flowi...
An unauthenticated attacker can exploit the unprotected registration endpoint (/register) to create a new user and bypass authentication .
### Details
Critical vulnerability in Flowi...