CWE-347
AllowedImproper Verification of Cryptographic Signature
Abstraction: Base · Status: Draft
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
1120 vulnerabilities reference this CWE, most recent first.
CVE-2026-58426 (GCVE-0-2026-58426)
Vulnerability from cvelistv5 – Published: 2026-07-03 20:54 – Updated: 2026-07-06 15:07| URL | Tags |
|---|---|
| https://github.com/go-gitea/gitea/security/adviso… | vendor-advisory |
| https://github.com/go-gitea/gitea/pull/37707 | patch |
| https://github.com/go-gitea/gitea/releases/tag/v1.26.2 | release-notes |
| https://blog.gitea.com/release-of-1.26.2/ | release-notes |
| Vendor | Product | Version | |
|---|---|---|---|
| Gitea | Gitea Open Source Git Server |
Affected:
1.22.0 , ≤ 1.26.1
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-58426",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T15:07:14.581616Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T15:07:18.210Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/go-gitea/gitea/security/advisories/GHSA-hg5r-vq93-9fv6"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gitea Open Source Git Server",
"vendor": "Gitea",
"versions": [
{
"lessThanOrEqual": "1.26.1",
"status": "affected",
"version": "1.22.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "kamil-sawicki"
}
],
"descriptions": [
{
"lang": "en",
"value": "Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T20:54:53.283Z",
"orgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"shortName": "Gitea"
},
"references": [
{
"name": "GitHub Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/go-gitea/gitea/security/advisories/GHSA-hg5r-vq93-9fv6"
},
{
"name": "GitHub Pull Request #37707",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/37707"
},
{
"name": "Gitea v1.26.2 Release",
"tags": [
"release-notes"
],
"url": "https://github.com/go-gitea/gitea/releases/tag/v1.26.2"
},
{
"name": "Gitea v1.26.2 Release Blog Post",
"tags": [
"release-notes"
],
"url": "https://blog.gitea.com/release-of-1.26.2/"
}
],
"title": "Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"assignerShortName": "Gitea",
"cveId": "CVE-2026-58426",
"datePublished": "2026-07-03T20:54:53.283Z",
"dateReserved": "2026-06-30T18:57:20.615Z",
"dateUpdated": "2026-07-06T15:07:18.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-56451 (GCVE-0-2026-56451)
Vulnerability from cvelistv5 – Published: 2026-07-14 09:19 – Updated: 2026-07-14 14:30- CWE-347 - Improper Verification of Cryptographic Signature
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | Opcenter X |
Affected:
0 , < V2604
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-56451",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-14T14:26:36.589186Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T14:30:15.376Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Opcenter X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2604",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Opcenter X (All versions \u003c V2604). Affected applications do not properly validate the algorithm specified in the JSON Web Token (JWT) header.\r\nThis could allow an unauthenticated remote attacker to forge arbitrary JWT, bypass authentication mechanisms and impersonate any user including administrative accounts, potentially gaining full unauthorized access to the application."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 10,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 10,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:H/SA:H",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T09:19:18.322Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-096828.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2026-56451",
"datePublished": "2026-07-14T09:19:18.322Z",
"dateReserved": "2026-06-22T13:17:54.241Z",
"dateUpdated": "2026-07-14T14:30:15.376Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-55961 (GCVE-0-2026-55961)
Vulnerability from cvelistv5 – Published: 2026-06-25 16:51 – Updated: 2026-06-25 17:57- CWE-347 - Improper Verification of Cryptographic Signature
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-55961",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-25T17:57:40.253830Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T17:57:46.226Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/wolfSSL/wolfssl",
"defaultStatus": "unaffected",
"product": "wolfSSL",
"vendor": "wolfSSL",
"versions": [
{
"lessThanOrEqual": "5.9.1",
"status": "affected",
"version": "3.15.7",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "NVIDIA Project Vanessa"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ewolfSSL_PKCS7_verify() returning success for a degenerate (certs-only) PKCS#7 object that contains no signer. Such an object has empty signerInfos, so the underlying signed-data verification succeeds without authenticating any content. The compatibility-layer verify path now rejects the object when no signer signature has actually been verified, so a PKCS#7 carrying no valid signature is no longer reported as verified. This is enforced regardless of the PKCS7_NOVERIFY flag, which only suppresses signer certificate chain validation and was never intended to waive the requirement that a signature exist. Only affects OpenSSL compatibility builds that call the PKCS7_verify() compatibility API on potentially degenerate PKCS#7 bundles.\u003c/p\u003e"
}
],
"value": "wolfSSL_PKCS7_verify() returning success for a degenerate (certs-only) PKCS#7 object that contains no signer. Such an object has empty signerInfos, so the underlying signed-data verification succeeds without authenticating any content. The compatibility-layer verify path now rejects the object when no signer signature has actually been verified, so a PKCS#7 carrying no valid signature is no longer reported as verified. This is enforced regardless of the PKCS7_NOVERIFY flag, which only suppresses signer certificate chain validation and was never intended to waive the requirement that a signature exist. Only affects OpenSSL compatibility builds that call the PKCS7_verify() compatibility API on potentially degenerate PKCS#7 bundles."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T16:51:18.157Z",
"orgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27",
"shortName": "wolfSSL"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/wolfSSL/wolfssl/pull/10702"
},
{
"url": "https://www.wolfssl.com/docs/security-vulnerabilities/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "wolfSSL_PKCS7_verify() reports success for degenerate (certs-only) PKCS#7 with no signer",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27",
"assignerShortName": "wolfSSL",
"cveId": "CVE-2026-55961",
"datePublished": "2026-06-25T16:51:18.157Z",
"dateReserved": "2026-06-17T22:10:55.453Z",
"dateUpdated": "2026-06-25T17:57:46.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-54783 (GCVE-0-2026-54783)
Vulnerability from cvelistv5 – Published: 2026-07-08 22:16 – Updated: 2026-07-10 03:55| URL | Tags |
|---|---|
| https://github.com/CoreWCF/CoreWCF/security/advis… | x_refsource_CONFIRM |
| https://github.com/CoreWCF/CoreWCF/commit/0589692… | x_refsource_MISC |
| https://github.com/CoreWCF/CoreWCF/commit/30aef80… | x_refsource_MISC |
| https://github.com/CoreWCF/CoreWCF/commit/4618f24… | x_refsource_MISC |
| https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1 | x_refsource_MISC |
| https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-54783",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T03:55:39.889Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CoreWCF",
"vendor": "CoreWCF",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.9.0, \u003c 1.9.1"
},
{
"status": "affected",
"version": "\u003c 1.8.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security endorsing and supporting signature verification does not ensure the selected ds:Signature covers the expected Security header target, allowing an attacker with one captured signed SOAP envelope to replay arbitrary service operations as the victim principal. This issue is fixed in versions 1.8.1 and 1.9.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "CWE-294: Authentication Bypass by Capture-replay",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345: Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T22:16:08.533Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-gqv6-pwcg-87r8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-gqv6-pwcg-87r8"
},
{
"name": "https://github.com/CoreWCF/CoreWCF/commit/0589692d4b9a41d21b34ac48281e95f6df7f4ce5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CoreWCF/CoreWCF/commit/0589692d4b9a41d21b34ac48281e95f6df7f4ce5"
},
{
"name": "https://github.com/CoreWCF/CoreWCF/commit/30aef805270976c42477e3f2a05f4e563d86e247",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CoreWCF/CoreWCF/commit/30aef805270976c42477e3f2a05f4e563d86e247"
},
{
"name": "https://github.com/CoreWCF/CoreWCF/commit/4618f24165ad018ad3ed2636bf8c3bc87d2a3be2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CoreWCF/CoreWCF/commit/4618f24165ad018ad3ed2636bf8c3bc87d2a3be2"
},
{
"name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1"
},
{
"name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1"
}
],
"source": {
"advisory": "GHSA-gqv6-pwcg-87r8",
"discovery": "UNKNOWN"
},
"title": "CoreWCF: XML Signature Wrapping in WS-Security endorsing/supporting signature verification allows replay of captured signed messages"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-54783",
"datePublished": "2026-07-08T22:16:08.533Z",
"dateReserved": "2026-06-15T23:23:57.714Z",
"dateUpdated": "2026-07-10T03:55:39.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-54782 (GCVE-0-2026-54782)
Vulnerability from cvelistv5 – Published: 2026-07-08 22:20 – Updated: 2026-07-10 03:55| URL | Tags |
|---|---|
| https://github.com/CoreWCF/CoreWCF/security/advis… | x_refsource_CONFIRM |
| https://github.com/CoreWCF/CoreWCF/commit/0b8c8af… | x_refsource_MISC |
| https://github.com/CoreWCF/CoreWCF/commit/0e63c2c… | x_refsource_MISC |
| https://github.com/CoreWCF/CoreWCF/commit/e5cc9b6… | x_refsource_MISC |
| https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1 | x_refsource_MISC |
| https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-54782",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T03:55:37.656Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CoreWCF",
"vendor": "CoreWCF",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.9.0, \u003c 1.9.1"
},
{
"status": "affected",
"version": "\u003c 1.8.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML 1.1 and SAML 2.0 token validation does not correctly resolve the issuer signing key or require signed tokens when IdentityConfiguration is used with federated bindings, allowing an unauthenticated remote attacker to impersonate any principal the trusted STS could issue. This issue is fixed in versions 1.8.1 and 1.9.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290: Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T22:20:37.401Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-xjr9-gg9q-jx3v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-xjr9-gg9q-jx3v"
},
{
"name": "https://github.com/CoreWCF/CoreWCF/commit/0b8c8af851260e85e8402af53233d1b8f87dfb6f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CoreWCF/CoreWCF/commit/0b8c8af851260e85e8402af53233d1b8f87dfb6f"
},
{
"name": "https://github.com/CoreWCF/CoreWCF/commit/0e63c2cca55763d8be6b226a234579280a09e7b6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CoreWCF/CoreWCF/commit/0e63c2cca55763d8be6b226a234579280a09e7b6"
},
{
"name": "https://github.com/CoreWCF/CoreWCF/commit/e5cc9b6a4ecc102a50d782093bfc72e0790abe3d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CoreWCF/CoreWCF/commit/e5cc9b6a4ecc102a50d782093bfc72e0790abe3d"
},
{
"name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1"
},
{
"name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1"
}
],
"source": {
"advisory": "GHSA-xjr9-gg9q-jx3v",
"discovery": "UNKNOWN"
},
"title": "CoreWCF: Authentication bypass in CoreWCF SAML 1.1 / 2.0 token signature validation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-54782",
"datePublished": "2026-07-08T22:20:37.401Z",
"dateReserved": "2026-06-15T23:23:57.714Z",
"dateUpdated": "2026-07-10T03:55:37.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-54774 (GCVE-0-2026-54774)
Vulnerability from cvelistv5 – Published: 2026-07-08 22:17 – Updated: 2026-07-10 03:55| URL | Tags |
|---|---|
| https://github.com/CoreWCF/CoreWCF/security/advis… | x_refsource_CONFIRM |
| https://github.com/CoreWCF/CoreWCF/commit/65d0902… | x_refsource_MISC |
| https://github.com/CoreWCF/CoreWCF/commit/b914495… | x_refsource_MISC |
| https://github.com/CoreWCF/CoreWCF/commit/e745413… | x_refsource_MISC |
| https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1 | x_refsource_MISC |
| https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-54774",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T03:55:39.135Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CoreWCF",
"vendor": "CoreWCF",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.9.0, \u003c 1.9.1"
},
{
"status": "affected",
"version": "\u003c 1.8.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, SamlSerializer skips final SignatureValue verification when a CoreWCF service validates SAML tokens using a non-X.509 signing token, allowing an attacker to reference a non-X.509 SecurityToken key identifier and bypass assertion signature verification. This issue is fixed in versions 1.8.1 and 1.9.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345: Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T22:17:07.314Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-rpj7-hr7h-w6p9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-rpj7-hr7h-w6p9"
},
{
"name": "https://github.com/CoreWCF/CoreWCF/commit/65d09022749854ba943e376aefb958dec05b00d8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CoreWCF/CoreWCF/commit/65d09022749854ba943e376aefb958dec05b00d8"
},
{
"name": "https://github.com/CoreWCF/CoreWCF/commit/b914495ce63c44924664643b60a262e7595081a4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CoreWCF/CoreWCF/commit/b914495ce63c44924664643b60a262e7595081a4"
},
{
"name": "https://github.com/CoreWCF/CoreWCF/commit/e7454132876ecc7e2cf80e541a44376eeb54979b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CoreWCF/CoreWCF/commit/e7454132876ecc7e2cf80e541a44376eeb54979b"
},
{
"name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1"
},
{
"name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1"
}
],
"source": {
"advisory": "GHSA-rpj7-hr7h-w6p9",
"discovery": "UNKNOWN"
},
"title": "CoreWCF: SamlSerializer skips SignatureValue verification when SAML signing token is not an X.509 certificate"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-54774",
"datePublished": "2026-07-08T22:17:07.314Z",
"dateReserved": "2026-06-15T23:23:57.713Z",
"dateUpdated": "2026-07-10T03:55:39.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-54773 (GCVE-0-2026-54773)
Vulnerability from cvelistv5 – Published: 2026-07-08 22:09 – Updated: 2026-07-10 14:05- CWE-347 - Improper Verification of Cryptographic Signature
| URL | Tags |
|---|---|
| https://github.com/CoreWCF/CoreWCF/security/advis… | x_refsource_CONFIRM |
| https://github.com/CoreWCF/CoreWCF/commit/0589692… | x_refsource_MISC |
| https://github.com/CoreWCF/CoreWCF/commit/30aef80… | x_refsource_MISC |
| https://github.com/CoreWCF/CoreWCF/commit/4618f24… | x_refsource_MISC |
| https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1 | x_refsource_MISC |
| https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-54773",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-10T14:04:12.419821Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T14:05:22.358Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CoreWCF",
"vendor": "CoreWCF",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.9.0, \u003c 1.9.1"
},
{
"status": "affected",
"version": "\u003c 1.8.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security signature verification performs a document-wide ds:Signature lookup, allowing an unauthenticated remote attacker to place a SOAP header before wsse:Security and cause WSSecurityOneDotZeroReceiveSecurityHeader to verify an attacker-supplied signature instead of the security header signature. This issue is fixed in versions 1.8.1 and 1.9.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T22:10:26.712Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-jc6x-rj79-w4mx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-jc6x-rj79-w4mx"
},
{
"name": "https://github.com/CoreWCF/CoreWCF/commit/0589692d4b9a41d21b34ac48281e95f6df7f4ce5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CoreWCF/CoreWCF/commit/0589692d4b9a41d21b34ac48281e95f6df7f4ce5"
},
{
"name": "https://github.com/CoreWCF/CoreWCF/commit/30aef805270976c42477e3f2a05f4e563d86e247",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CoreWCF/CoreWCF/commit/30aef805270976c42477e3f2a05f4e563d86e247"
},
{
"name": "https://github.com/CoreWCF/CoreWCF/commit/4618f24165ad018ad3ed2636bf8c3bc87d2a3be2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CoreWCF/CoreWCF/commit/4618f24165ad018ad3ed2636bf8c3bc87d2a3be2"
},
{
"name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1"
},
{
"name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1"
}
],
"source": {
"advisory": "GHSA-jc6x-rj79-w4mx",
"discovery": "UNKNOWN"
},
"title": "CoreWCF: WS-Security signature substitution via document-wide Signature lookup"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-54773",
"datePublished": "2026-07-08T22:09:32.584Z",
"dateReserved": "2026-06-15T23:23:57.713Z",
"dateUpdated": "2026-07-10T14:05:22.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-54736 (GCVE-0-2026-54736)
Vulnerability from cvelistv5 – Published: 2026-07-10 21:02 – Updated: 2026-07-13 18:01| URL | Tags |
|---|---|
| https://github.com/phalcon/cphalcon/security/advi… | x_refsource_CONFIRM |
| https://github.com/phalcon/cphalcon/issues/17090 | x_refsource_MISC |
| https://github.com/phalcon/cphalcon/pull/17091 | x_refsource_MISC |
| https://github.com/phalcon/cphalcon/commit/ad53ab… | x_refsource_MISC |
| https://github.com/phalcon/cphalcon/releases/tag/… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-54736",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-13T18:01:29.598956Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-13T18:01:40.822Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cphalcon",
"vendor": "phalcon",
"versions": [
{
"status": "affected",
"version": "\u003c 5.14.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Phalcon is a high-performance, full-stack PHP framework. Prior to 5.14.1, Phalcon\\Encryption\\Crypt::decrypt compares the attacker-supplied HMAC tag against the freshly computed HMAC using PHP/Zephir identity comparison, which lowers to a byte-wise comparison that returns early on the first differing byte. This observable timing discrepancy can allow an attacker to recover a valid tag byte-by-byte and attach it to a chosen IV and ciphertext so that decrypt() accepts tampered encrypted content as authentic. This issue is fixed in version 5.14.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-208",
"description": "CWE-208: Observable Timing Discrepancy",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T21:02:53.873Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/phalcon/cphalcon/security/advisories/GHSA-8jqh-95g6-7jpj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/phalcon/cphalcon/security/advisories/GHSA-8jqh-95g6-7jpj"
},
{
"name": "https://github.com/phalcon/cphalcon/issues/17090",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/phalcon/cphalcon/issues/17090"
},
{
"name": "https://github.com/phalcon/cphalcon/pull/17091",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/phalcon/cphalcon/pull/17091"
},
{
"name": "https://github.com/phalcon/cphalcon/commit/ad53ab1b2e7ec59b3af92b0b37b8aaa099011137",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/phalcon/cphalcon/commit/ad53ab1b2e7ec59b3af92b0b37b8aaa099011137"
},
{
"name": "https://github.com/phalcon/cphalcon/releases/tag/v5.14.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/phalcon/cphalcon/releases/tag/v5.14.1"
}
],
"source": {
"advisory": "GHSA-8jqh-95g6-7jpj",
"discovery": "UNKNOWN"
},
"title": "Phalcon: Non-constant-time HMAC verification in `Encryption\\Crypt::decrypt` (timing side-channel)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-54736",
"datePublished": "2026-07-10T21:02:53.873Z",
"dateReserved": "2026-06-15T23:07:33.233Z",
"dateUpdated": "2026-07-13T18:01:40.822Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-52754 (GCVE-0-2026-52754)
Vulnerability from cvelistv5 – Published: 2026-06-10 12:40 – Updated: 2026-07-14 21:33 X_Open Source- CWE-347 - Improper Verification of Cryptographic Signature
| URL | Tags |
|---|---|
| https://github.com/NationalSecurityAgency/ghidra/… | vendor-advisory |
| https://github.com/NationalSecurityAgency/ghidra/… | patch |
| https://github.com/NationalSecurityAgency/ghidra/… | patch |
| https://www.vulncheck.com/advisories/ghidra-authe… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| nationalsecurityagency | ghidra |
Affected:
0 , < 12.1
(custom)
Unaffected: 12.1 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-52754",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-10T13:53:11.064844Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T13:53:32.074Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:github/nationalsecurityagency/ghidra",
"product": "ghidra",
"repo": "https://github.com/nationalsecurityagency/ghidra",
"vendor": "nationalsecurityagency",
"versions": [
{
"lessThan": "12.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "12.1",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nsa:ghidra:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "@jro-calif"
},
{
"lang": "en",
"type": "finder",
"value": "Sean Nejad (@allsmog)"
}
],
"datePublic": "2026-05-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Ghidra before 12.1 contains an authentication bypass vulnerability in PKIAuthenticationModule.authenticate() that allows any user with a valid CA-signed certificate to impersonate other users by presenting their public certificate with a null signature. Attackers can escalate privileges, modify repository access controls, exfiltrate shared reverse engineering databases, and permanently compromise server integrity."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T21:33:37.483Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-5wxq-7qpv-65p2)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-5wxq-7qpv-65p2"
},
{
"name": "Patch Commit (1)",
"tags": [
"patch"
],
"url": "https://github.com/NationalSecurityAgency/ghidra/commit/78729379e471bbb3d969409be6a8c3d24af84220"
},
{
"name": "Patch Commit (2)",
"tags": [
"patch"
],
"url": "https://github.com/NationalSecurityAgency/ghidra/commit/79d8f164f8bb8b15cfb60c5d4faeb8e1c25d15ca"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/ghidra-authentication-bypass-via-null-signature-in-pkiauthenticationmodule"
}
],
"tags": [
"x_open-source"
],
"title": "Ghidra \u003c 12.1 - Authentication Bypass via Null Signature in PKIAuthenticationModule",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-52754",
"datePublished": "2026-06-10T12:40:46.463Z",
"dateReserved": "2026-06-08T15:20:09.274Z",
"dateUpdated": "2026-07-14T21:33:37.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-50722 (GCVE-0-2026-50722)
Vulnerability from cvelistv5 – Published: 2026-07-02 21:34 – Updated: 2026-07-07 17:02| URL | Tags |
|---|---|
| https://libreswan.org/security/CVE-2026-50722/CVE… | vendor-advisory |
| https://libreswan.org/security/CVE-2026-50722/ | patch |
| https://libreswan.org/security/CVE-2026-50721/CVE… | related |
| https://www.rfc-editor.org/rfc/rfc8017 | technical-description |
| Vendor | Product | Version | |
|---|---|---|---|
| The Libreswan Project | libreswan |
Affected:
0 , ≤ 5.3
(semver)
Unaffected: 5.3.1 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-50722",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T18:12:19.317302Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-07T17:02:06.722Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/libreswan/libreswan",
"defaultStatus": "unaffected",
"packageName": "libreswan",
"product": "libreswan",
"programRoutines": [
{
"name": "RSA_authenticate_hash_signature_pkcs1_1_5_rsa"
}
],
"repo": "https://github.com/libreswan/libreswan",
"vendor": "The Libreswan Project",
"versions": [
{
"lessThanOrEqual": "5.3",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "5.3.1",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "Any server or client that accepts RSA-based IKEv2 connections via the default authby= settings is vulnerable to denial of service. Authentication bypass additionally requires the use of RSA keys with weak exponents (e=3). IKEv2 by default allows ECDSA, RSA-SSA-PSS, and RSA PKCS#1 1.5 as fallback due to Microsoft Windows not supporting RSASSA-PSS."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Yeonghyeon Choi"
},
{
"lang": "en",
"type": "finder",
"value": "Duyeong Kim"
},
{
"lang": "en",
"type": "analyst",
"value": "Andrew Cagney (The Libreswan Team)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eLibreswan, via the function RSA_authenticate_hash_signature_pkcs1_1_5_rsa(), did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v1_5 (RFC 8017). A remote attacker can use a variation on the Bleichenbacher attack to forge the AUTH payload when small public exponents are used (e.g., e=3), leading to impersonation. Additionally, a remote attacker, by encoding a shorter than expected hash in the AUTH payload, could trigger an assertion leading to denial-of-service. The daemon aborts and restarts; continued exploitation causes sustained denial of service. Remote code execution is not possible. X.509 certificate verifications of the remote IKE peer are not affected.\u003c/p\u003e"
}
],
"value": "Libreswan, via the function RSA_authenticate_hash_signature_pkcs1_1_5_rsa(), did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v1_5 (RFC 8017). A remote attacker can use a variation on the Bleichenbacher attack to forge the AUTH payload when small public exponents are used (e.g., e=3), leading to impersonation. Additionally, a remote attacker, by encoding a shorter than expected hash in the AUTH payload, could trigger an assertion leading to denial-of-service. The daemon aborts and restarts; continued exploitation causes sustained denial of service. Remote code execution is not possible. X.509 certificate verifications of the remote IKE peer are not affected."
}
],
"exploits": [
{
"lang": "en",
"value": "No known exploitation in the wild. The authentication bypass requires the target to use RSA keys with weak exponents (e=3), which have been disallowed by most cryptographic libraries for at least a decade. The denial-of-service attack is exploitable against any IKEv2 configuration using default authby= settings that permit RSA PKCS#1 v1.5 fallback."
}
],
"impacts": [
{
"capecId": "CAPEC-463",
"descriptions": [
{
"lang": "en",
"value": "Denial of Service via assertion failure in pluto daemon when processing malformed RSA PKCS#1 v1.5 AUTH payloads"
}
]
},
{
"capecId": "CAPEC-473",
"descriptions": [
{
"lang": "en",
"value": "Authentication bypass via Bleichenbacher-style signature forgery when weak RSA exponents (e.g., e=3) are in use"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Weak RSA exponent (e=3) in use, enabling Bleichenbacher signature forgery"
}
]
},
{
"other": {
"content": {
"description": "Vendor-assessed severity: Medium. Authentication bypass requires weak RSA exponents (e=3) which have been disallowed by most cryptographic libraries for over a decade. DoS is mitigated by automatic daemon restart.",
"value": "MEDIUM"
},
"type": "vendorSeverity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617: Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T21:34:41.413Z",
"orgId": "d42dc95b-23f1-4e06-9076-20753a0fb0df",
"shortName": "libreswan"
},
"references": [
{
"name": "Libreswan Security Advisory CVE-2026-50722",
"tags": [
"vendor-advisory"
],
"url": "https://libreswan.org/security/CVE-2026-50722/CVE-2026-50722.txt"
},
{
"name": "Libreswan CVE-2026-50722 Patches",
"tags": [
"patch"
],
"url": "https://libreswan.org/security/CVE-2026-50722/"
},
{
"name": "Related: CVE-2026-50721 (IKEv1 variant)",
"tags": [
"related"
],
"url": "https://libreswan.org/security/CVE-2026-50721/CVE-2026-50721.txt"
},
{
"name": "RFC 8017 - PKCS #1: RSA Cryptography Specifications Version 2.2",
"tags": [
"technical-description"
],
"url": "https://www.rfc-editor.org/rfc/rfc8017"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpgrade to libreswan 5.3.1 or later. Patches for libreswan 4.15 and 5.3 are available at \u003ca href=\"https://libreswan.org/security/CVE-2026-50722/\"\u003ehttps://libreswan.org/security/CVE-2026-50722/\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "Upgrade to libreswan 5.3.1 or later. Patches for libreswan 4.15 and 5.3 are available at https://libreswan.org/security/CVE-2026-50722/"
}
],
"source": {
"defects": [
"CVE-2026-50722"
],
"discovery": "EXTERNAL"
},
"taxonomyMappings": [
{
"taxonomyName": "ATT\u0026CK",
"taxonomyRelations": [
{
"relationshipName": "maps to",
"relationshipValue": "Application or System Exploitation (DoS)",
"taxonomyId": "T1499.004"
}
],
"taxonomyVersion": "15.1"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-24T00:00:00.000Z",
"value": "Libreswan notified of the issue via security@libreswan.org"
},
{
"lang": "en",
"time": "2026-06-16T00:00:00.000Z",
"value": "Advanced notice given to supported customers and distributions"
},
{
"lang": "en",
"time": "2026-06-24T00:00:00.000Z",
"value": "Public announcement and release of libreswan 5.3.1"
}
],
"title": "IKEv2 Denial of Service via RSA-SHA1 (PKCS#1 RSASSA-PKCS1-v1_5) authentication payload",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIf Windows support is not needed, configure \u003ccode\u003eauthby=ecdsa\u003c/code\u003e or \u003ccode\u003eauthby=rsa-sha2\u003c/code\u003e (or both via \u003ccode\u003eauthby=ecdsa,rsa-sha2\u003c/code\u003e) to disallow the fallback of RSA PKCS#1 1.5. The \u003ccode\u003eleftauth=\u003c/code\u003e and \u003ccode\u003erightauth=\u003c/code\u003e settings can be updated similarly if those are in use instead of \u003ccode\u003eauthby\u003c/code\u003e.\u003c/p\u003e"
}
],
"value": "If Windows support is not needed, configure authby=ecdsa or authby=rsa-sha2 (or both via authby=ecdsa,rsa-sha2) to disallow the fallback of RSA PKCS#1 1.5. The leftauth= and rightauth= settings can be updated similarly if those are in use instead of authby."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "d42dc95b-23f1-4e06-9076-20753a0fb0df",
"assignerShortName": "libreswan",
"cveId": "CVE-2026-50722",
"datePublished": "2026-07-02T21:34:41.413Z",
"dateReserved": "2026-06-05T16:10:05.751Z",
"dateUpdated": "2026-07-07T17:02:06.722Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
No mitigation information available for this CWE.
CAPEC-463: Padding Oracle Crypto Attack
An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.