π¨ CVE-2026-54905
concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReentrantReadWriteLock can incorrectly grant a write lock after one thread acquires the read lock 32,768 times. The lock stores a thread's local read and write hold counts in one integer. The low 15 bits are used for the read hold count, and bit 15 is used as WRITE_LOCK_HELD. After 32,768 reentrant read acquisitions, the local read count crosses into the write-lock bit. try_write_lock then treats the thread as already holding a write lock and returns true without setting the global RUNNING_WRITER bit. This breaks the core mutual-exclusion guarantee: the caller is told it has a write lock, but other threads can still hold or acquire read locks at the same time. This vulnerability is fixed in 1.3.7.
π@cveNotify
concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReentrantReadWriteLock can incorrectly grant a write lock after one thread acquires the read lock 32,768 times. The lock stores a thread's local read and write hold counts in one integer. The low 15 bits are used for the read hold count, and bit 15 is used as WRITE_LOCK_HELD. After 32,768 reentrant read acquisitions, the local read count crosses into the write-lock bit. try_write_lock then treats the thread as already holding a write lock and returns true without setting the global RUNNING_WRITER bit. This breaks the core mutual-exclusion guarantee: the caller is told it has a write lock, but other threads can still hold or acquire read locks at the same time. This vulnerability is fixed in 1.3.7.
π@cveNotify
GitHub
`ReentrantReadWriteLock` read-count overflow grants a write lock without exclusivity
### Summary
`Concurrent::ReentrantReadWriteLock` can incorrectly grant a write lock after one thread acquires the read lock 32,768 times.
The lock stores a thread's local read and write hol...
`Concurrent::ReentrantReadWriteLock` can incorrectly grant a write lock after one thread acquires the read lock 32,768 times.
The lock stores a thread's local read and write hol...
π¨ CVE-2026-54906
concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReadWriteLock#release_write_lock does not verify that the calling thread acquired the write lock. Any thread with access to the lock object can release an active write lock held by another thread. A second writer can then enter its critical section while the first writer is still running. Concurrent::ReadWriteLock#release_read_lock also decrements the shared counter even when no read lock is held. Calling it on a fresh lock changes the counter from 0 to -1, after which normal read acquisition raises Concurrent::ResourceLimitError. This is a synchronization correctness issue in the public Concurrent::ReadWriteLock API. This vulnerability is fixed in 1.3.7.
π@cveNotify
concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReadWriteLock#release_write_lock does not verify that the calling thread acquired the write lock. Any thread with access to the lock object can release an active write lock held by another thread. A second writer can then enter its critical section while the first writer is still running. Concurrent::ReadWriteLock#release_read_lock also decrements the shared counter even when no read lock is held. Calling it on a fresh lock changes the counter from 0 to -1, after which normal read acquisition raises Concurrent::ResourceLimitError. This is a synchronization correctness issue in the public Concurrent::ReadWriteLock API. This vulnerability is fixed in 1.3.7.
π@cveNotify
GitHub
ReadWriteLock allows wrong-thread write release and stray read-release counter corruption
### Summary
`Concurrent::ReadWriteLock#release_write_lock` does not verify that the calling thread acquired the write lock. Any thread with access to the lock object can release an active write lo...
`Concurrent::ReadWriteLock#release_write_lock` does not verify that the calling thread acquired the write lock. Any thread with access to the lock object can release an active write lo...
π¨ CVE-2026-44016
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. FIn versions >= 2.82.0, < 2.91.0, if the HTML backend was explicitly configured for rendering (rendering option by default deactivated), then the Playwright-based rendering feature could allow JavaScript execution and unrestricted network access when processing untrusted HTML documents. An attacker could craft malicious HTML that executes arbitrary JavaScript in the rendering context or makes unauthorized network requests to internal services, potentially leading to SSRF attacks, data exfiltration, or remote code execution in the rendering environment. This vulnerability is fixed in 2.91.0.
π@cveNotify
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. FIn versions >= 2.82.0, < 2.91.0, if the HTML backend was explicitly configured for rendering (rendering option by default deactivated), then the Playwright-based rendering feature could allow JavaScript execution and unrestricted network access when processing untrusted HTML documents. An attacker could craft malicious HTML that executes arbitrary JavaScript in the rendering context or makes unauthorized network requests to internal services, potentially leading to SSRF attacks, data exfiltration, or remote code execution in the rendering environment. This vulnerability is fixed in 2.91.0.
π@cveNotify
GitHub
Release v2.91.0 Β· docling-project/docling
Feature
docx: Extract VML images with v:imagedata elements (#3343) (2ddaa3b)
Fix
Strengthen input validation for METSβGBS processing (#3336) (c1dbac2)
EasyOCR model downloading (#3339) (5e161ac)...
docx: Extract VML images with v:imagedata elements (#3343) (2ddaa3b)
Fix
Strengthen input validation for METSβGBS processing (#3336) (c1dbac2)
EasyOCR model downloading (#3339) (5e161ac)...
π¨ CVE-2026-44017
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.91.0, the EasyOCR model download functionality extracted ZIP archives without validating member paths, enabling Zip Slip attacks. If an attacker could compromise the model download source (via supply chain attack, DNS spoofing, or MITM), they could write arbitrary files to any location writable by the process, potentially achieving remote code execution by overwriting Python files or system binaries, persistent backdoors by modifying startup scripts or SSH keys, and data corruption or system compromise. This vulnerability is fixed in 2.91.0.
π@cveNotify
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.91.0, the EasyOCR model download functionality extracted ZIP archives without validating member paths, enabling Zip Slip attacks. If an attacker could compromise the model download source (via supply chain attack, DNS spoofing, or MITM), they could write arbitrary files to any location writable by the process, potentially achieving remote code execution by overwriting Python files or system binaries, persistent backdoors by modifying startup scripts or SSH keys, and data corruption or system compromise. This vulnerability is fixed in 2.91.0.
π@cveNotify
GitHub
Release v2.91.0 Β· docling-project/docling
Feature
docx: Extract VML images with v:imagedata elements (#3343) (2ddaa3b)
Fix
Strengthen input validation for METSβGBS processing (#3336) (c1dbac2)
EasyOCR model downloading (#3339) (5e161ac)...
docx: Extract VML images with v:imagedata elements (#3343) (2ddaa3b)
Fix
Strengthen input validation for METSβGBS processing (#3336) (c1dbac2)
EasyOCR model downloading (#3339) (5e161ac)...
π¨ CVE-2026-44020
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.13.0 until 2.74.0, the USPTO patent XML parser used the standard xml.sax.parseString() without protection against XML External Entity (XXE) attacks. An attacker could craft malicious USPTO patent XML files with external entity references that could read arbitrary files from the server filesystem, perform Server-Side Request Forgery (SSRF) attacks, or cause denial of service through entity expansion (Billion Laughs attack). The vulnerability affects three USPTO patent format parsers: ICE (v4.x), Grant v2.5, and Application v1.x. This vulnerability is fixed in 2.74.0.
π@cveNotify
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.13.0 until 2.74.0, the USPTO patent XML parser used the standard xml.sax.parseString() without protection against XML External Entity (XXE) attacks. An attacker could craft malicious USPTO patent XML files with external entity references that could read arbitrary files from the server filesystem, perform Server-Side Request Forgery (SSRF) attacks, or cause denial of service through entity expansion (Billion Laughs attack). The vulnerability affects three USPTO patent format parsers: ICE (v4.x), Grant v2.5, and Application v1.x. This vulnerability is fixed in 2.74.0.
π@cveNotify
GitHub
Unsafe XML Entity Expansion in USPTO Patent Backend
### Impact
The USPTO patent XML parser used the standard `xml.sax.parseString()` without protection against XML External Entity (XXE) attacks. An attacker could craft malicious USPTO patent XML fi...
The USPTO patent XML parser used the standard `xml.sax.parseString()` without protection against XML External Entity (XXE) attacks. An attacker could craft malicious USPTO patent XML fi...
π¨ CVE-2026-44022
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.73.0 until 2.91.0, he LaTeX backend's handling of \includegraphics, \input, and \include commands lacked path containment validation. Attackers could craft malicious LaTeX documents with path traversal sequences to read arbitrary files from the file system accessible to the process, include sensitive files in the converted document output, or potentially access configuration files, credentials, or other sensitive data This vulnerability is fixed in 2.91.0.
π@cveNotify
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.73.0 until 2.91.0, he LaTeX backend's handling of \includegraphics, \input, and \include commands lacked path containment validation. Attackers could craft malicious LaTeX documents with path traversal sequences to read arbitrary files from the file system accessible to the process, include sensitive files in the converted document output, or potentially access configuration files, credentials, or other sensitive data This vulnerability is fixed in 2.91.0.
π@cveNotify
GitHub
Release v2.91.0 Β· docling-project/docling
Feature
docx: Extract VML images with v:imagedata elements (#3343) (2ddaa3b)
Fix
Strengthen input validation for METSβGBS processing (#3336) (c1dbac2)
EasyOCR model downloading (#3339) (5e161ac)...
docx: Extract VML images with v:imagedata elements (#3343) (2ddaa3b)
Fix
Strengthen input validation for METSβGBS processing (#3336) (c1dbac2)
EasyOCR model downloading (#3339) (5e161ac)...
π¨ CVE-2025-60468
GPAC Multimedia Open Source Project GPAC Project/MP4Box 2.5-DEV-rev1593-gfe88c3545-master is affected by: Buffer Overflow. The impact is: cause a denial of service (local). The component is: filter_core/filter_pid.c (L:574-580): function gf_filter_pid_inst_swap_delete_task() improperly accesses freed objects during PID instance swap/delete cleanup, leading to heap use-after-free. The attack vector is: Local (AV:L): a local, authenticated user who processes a specially crafted MPEG-2 TS/MP4 file with MP4Box can trigger the bug during filter teardown (PID instance swap/delete), causing a crash. ΒΆΒΆ In GPAC s MP4Box, gf_filter_pid_inst_swap_delete_task() in filter_core/filter_pid.c may dereference objects after they have been freed when cleaning up PID instances after a swap/delete operation. Crafted inputs (e.g., malformed MPEG-2 TS) can trigger a heap use-after-free and crash; exploitation may be possible.
π@cveNotify
GPAC Multimedia Open Source Project GPAC Project/MP4Box 2.5-DEV-rev1593-gfe88c3545-master is affected by: Buffer Overflow. The impact is: cause a denial of service (local). The component is: filter_core/filter_pid.c (L:574-580): function gf_filter_pid_inst_swap_delete_task() improperly accesses freed objects during PID instance swap/delete cleanup, leading to heap use-after-free. The attack vector is: Local (AV:L): a local, authenticated user who processes a specially crafted MPEG-2 TS/MP4 file with MP4Box can trigger the bug during filter teardown (PID instance swap/delete), causing a crash. ΒΆΒΆ In GPAC s MP4Box, gf_filter_pid_inst_swap_delete_task() in filter_core/filter_pid.c may dereference objects after they have been freed when cleaning up PID instances after a swap/delete operation. Crafted inputs (e.g., malformed MPEG-2 TS) can trigger a heap use-after-free and crash; exploitation may be possible.
π@cveNotify
GitHub
Fixed #3286 Β· gpac/gpac@976dacf
GPAC Ultramedia OSS for Video Streaming & Next-Gen Multimedia Transcoding, Packaging & Delivery - Fixed #3286 Β· gpac/gpac@976dacf
π¨ CVE-2026-2050
GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of HDR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28266.
π@cveNotify
GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of HDR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28266.
π@cveNotify
GitLab
ZDI-CAN-28266: guard against buffer overflow (!241) Β· Merge requests Β· GNOME / gegl Β· GitLab
Closes #446 In rgbe_read_new_rle we...
π¨ CVE-2026-9772
Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability.
The specific flaw exists within FileUpload.php. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the www-data user. Was ZDI-CAN-30116.
π@cveNotify
Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability.
The specific flaw exists within FileUpload.php. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the www-data user. Was ZDI-CAN-30116.
π@cveNotify
π¨ CVE-2026-9773
Unraid Web Server ToggleState Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability.
The specific flaw exists within ToggleState.php. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the www-data user. Was ZDI-CAN-30134.
π@cveNotify
Unraid Web Server ToggleState Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability.
The specific flaw exists within ToggleState.php. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the www-data user. Was ZDI-CAN-30134.
π@cveNotify
π¨ CVE-2026-7569
Quest NetVault Backup viewclient Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVault Backup. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the viewclient webpage. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-28202.
π@cveNotify
Quest NetVault Backup viewclient Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVault Backup. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the viewclient webpage. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-28202.
π@cveNotify
π¨ CVE-2026-12473
Two data sources (DICOMWebProxy and DICOMJSON) shipped in the default configuration fetch an arbitrary URL parameter without validation. A global authentication service in OHIF automatically injects the authenticated user's OIDC Bearer token into the resulting requests, sending it to the attacker-controlled server. DICOMweb data sources are not impacted.
π@cveNotify
Two data sources (DICOMWebProxy and DICOMJSON) shipped in the default configuration fetch an arbitrary URL parameter without validation. A global authentication service in OHIF automatically injects the authenticated user's OIDC Bearer token into the resulting requests, sending it to the attacker-controlled server. DICOMweb data sources are not impacted.
π@cveNotify
π¨ CVE-2026-56445
The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM datasets directly in os.path.join() without sanitization, allowing file writes to arbitrary paths.
π@cveNotify
The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM datasets directly in os.path.join() without sanitization, allowing file writes to arbitrary paths.
π@cveNotify
π¨ CVE-2026-6412
Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing.
π@cveNotify
Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing.
π@cveNotify
GitHub
Report cert verify failure with MD5 by embhorn Β· Pull Request #10222 Β· wolfSSL/wolfssl
Description
Added a verify-mode guard to the CTC_MD5wRSA case in HashForSignature(), mirroring the existing MD2 sign/verify precedent. MD5-signed certificates now return HASH_TYPE_E during chain ve...
Added a verify-mode guard to the CTC_MD5wRSA case in HashForSignature(), mirroring the existing MD2 sign/verify precedent. MD5-signed certificates now return HASH_TYPE_E during chain ve...
π¨ CVE-2026-6450
A CRL critical extension bypass exists in ParseCRL_Extensions where critical extensions are not properly enforced, allowing a crafted CRL with an unhandled critical extension to be accepted. This only affects builds with CRL support enabled and where a crafted CRL had a trusted signature when parsed.
π@cveNotify
A CRL critical extension bypass exists in ParseCRL_Extensions where critical extensions are not properly enforced, allowing a crafted CRL with an unhandled critical extension to be accepted. This only affects builds with CRL support enabled and where a crafted CRL had a trusted signature when parsed.
π@cveNotify
GitHub
reject crls with unrecognized critical extensions by gasbytes Β· Pull Request #10239 Β· wolfSSL/wolfssl
Description
reject crls with unrecognized critical extensions per rfc 5280 section 5.2
Fixes zd#21634
Testing
make -j8 && make check (changes includes two tests covering the appropr...
reject crls with unrecognized critical extensions per rfc 5280 section 5.2
Fixes zd#21634
Testing
make -j8 && make check (changes includes two tests covering the appropr...
π¨ CVE-2026-6678
Integer underflow in wc_PKCS7_DecryptOri when handling crafted Other Recipient Info, leading to incorrect length handling during decryption.
π@cveNotify
Integer underflow in wc_PKCS7_DecryptOri when handling crafted Other Recipient Info, leading to incorrect length handling during decryption.
π@cveNotify
GitHub
PKCS#7 fixes by Frauschi Β· Pull Request #10203 Β· wolfSSL/wolfssl
Fixes for various issues found in PKCS#7 code.
Fixes zd21593, F-2683, F-2684, F-2686, F-1552, F-1990, F-2681, F-2685, F-1991, F-1992, F-2679, F-2680. Also fixes a regression when building with --en...
Fixes zd21593, F-2683, F-2684, F-2686, F-1552, F-1990, F-2681, F-2685, F-1991, F-1992, F-2679, F-2680. Also fixes a regression when building with --en...
π¨ CVE-2026-6679
A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The buffer overflow was due to an integer truncation when computing the length of the ACK record-number list, causing an undersized buffer to be allocated and then overrun. This affects builds using DTLS 1.3 and wolfSSL version 5.9.0 and earlier. A fix was added to the 5.9.1 release.
π@cveNotify
A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The buffer overflow was due to an integer truncation when computing the length of the ACK record-number list, causing an undersized buffer to be allocated and then overrun. This affects builds using DTLS 1.3 and wolfSSL version 5.9.0 and earlier. A fix was added to the 5.9.1 release.
π@cveNotify
GitHub
Additional fixes by Frauschi Β· Pull Request #10116 Β· wolfSSL/wolfssl
zd21457
π¨ CVE-2026-6731
X.509 name constraint bypass via the Subject Common Name when treated as a DNS-type name. A certificate whose Subject CN violates an issuing CA's DNS name constraints could be accepted.
π@cveNotify
X.509 name constraint bypass via the Subject Common Name when treated as a DNS-type name. A certificate whose Subject CN violates an issuing CA's DNS name constraints could be accepted.
π@cveNotify
GitHub
CN constraints fix by rlm2002 Β· Pull Request #10223 Β· wolfSSL/wolfssl
Description
Applies DNS name constraints to Subject CN when SAN is unavailable.
Fixes zd#21611
Checklist
added tests
updated/added doxygen
updated appropriate READMEs
Updated manual and docume...
Applies DNS name constraints to Subject CN when SAN is unavailable.
Fixes zd#21611
Checklist
added tests
updated/added doxygen
updated appropriate READMEs
Updated manual and docume...
π¨ CVE-2021-47987
Parse Server before 4.10.0 was affected by a supply chain incident in which incorrect version tags were pushed to the official repository pointing to an unreviewed personal fork of a contributor with write access. No releases were published with these tags; a project was exposed only if it defined a git-based dependency referencing one of the affected tags (for example, parse-server#4.9.3). The code behind the tags was not reviewed or approved, and although no malicious code was identified, the introduction of security vulnerabilities could not be ruled out.
π@cveNotify
Parse Server before 4.10.0 was affected by a supply chain incident in which incorrect version tags were pushed to the official repository pointing to an unreviewed personal fork of a contributor with write access. No releases were published with these tags; a project was exposed only if it defined a git-based dependency referencing one of the affected tags (for example, parse-server#4.9.3). The code behind the tags was not reviewed or approved, and although no malicious code was identified, the introduction of security vulnerabilities could not be ruled out.
π@cveNotify
GitHub
Incorrect version tags linked to external repository
### Impact
A security incident caused a number of incorrect version tags to be pushed to the Parse Server repository. These version tags linked to a personal fork of a contributor who had write ac...
A security incident caused a number of incorrect version tags to be pushed to the Parse Server repository. These version tags linked to a personal fork of a contributor who had write ac...
π¨ CVE-2026-10098
OCSP CertID serial-number length-confusion in wolfSSL_OCSP_resp_find_status allows a same-issuer SingleResponse whose serial is a prefix of the target serial to be reported as the revocation status of a different certificate. The lookup compared serial-number bytes without first requiring the two serial numbers to be of equal length, so a SingleResponse for one certificate (same issuer) whose serial is a prefix of the target's serial would match, returning the wrong certificate's status. The fix requires the serial lengths to be equal before comparing the serial bytes.
π@cveNotify
OCSP CertID serial-number length-confusion in wolfSSL_OCSP_resp_find_status allows a same-issuer SingleResponse whose serial is a prefix of the target serial to be reported as the revocation status of a different certificate. The lookup compared serial-number bytes without first requiring the two serial numbers to be of equal length, so a SingleResponse for one certificate (same issuer) whose serial is a prefix of the target's serial would match, returning the wrong certificate's status. The fix requires the serial lengths to be equal before comparing the serial bytes.
π@cveNotify
GitHub
OCSP_resp_find_status to require exact serial-length match by gasbytes Β· Pull Request #10554 Β· wolfSSL/wolfssl
Description
Require equal serial lengths before comparing serial bytes so a response serial that is only a prefix of the requested serial is not treated as a match.
Fixes zd#21903
Testing
Added ass...
Require equal serial lengths before comparing serial bytes so a response serial that is only a prefix of the requested serial is not treated as a match.
Fixes zd#21903
Testing
Added ass...
π¨ CVE-2026-11703
Missing SNI/ALPN binding on stateful (session-ID) resumption, which previously skipped the binding check performed for ticket-based resumption. A cached session could be resumed under a different SNI/ALPN than originally negotiated and, where client-authentication policy differs across virtual hosts, carry the cached peer-authentication state into a context it was not established for. Resumption now verifies the SNI/ALPN binding for all paths and declines (falling back to a full handshake) on mismatch.
π@cveNotify
Missing SNI/ALPN binding on stateful (session-ID) resumption, which previously skipped the binding check performed for ticket-based resumption. A cached session could be resumed under a different SNI/ALPN than originally negotiated and, where client-authentication policy differs across virtual hosts, carry the cached peer-authentication state into a context it was not established for. Resumption now verifies the SNI/ALPN binding for all paths and declines (falling back to a full handshake) on mismatch.
π@cveNotify
GitHub
Check SNI/ALPN in TLS 1.2/1.3 session resumptions by holtrop-wolfssl Β· Pull Request #10489 Β· wolfSSL/wolfssl
Description
Fixes zd#21798
Testing
How did you test?
Checklist
added tests
updated/added doxygen
updated appropriate READMEs
Updated manual and documentation
Fixes zd#21798
Testing
How did you test?
Checklist
added tests
updated/added doxygen
updated appropriate READMEs
Updated manual and documentation