Explore top 10 tips to secure your open-source projects now. Read More
×
CVE-2026-5194
Missing hash/digest size and OID checks allowed digests smaller
than appropriate for the relevant key type to be accepted during
ECDSA certificate signature verification, weakening ECDSA
certificate-based authentication when EdDSA or ML-DSA support was
also enabled.
CVE-2026-6092
When configured with HAVE_ENCRYPT_THEN_MAC, the TLS resumption path
could fall back to MAC-then-Encrypt instead of enforcing
Encrypt-then-MAC.
CVE-2026-6094
A heap buffer over-read in wc_PKCS7_DecodeEnvelopedData when parsing
crafted PKCS#7 EnvelopedData could be triggered by attacker-supplied
data delivered via S/MIME or CMS.
CVE-2026-6325
An out-of-bounds write in SetSuitesHashSigAlgo when processing an
oversized signature algorithms list allowed a write past the bounds
of the destination buffer.
CVE-2026-6329
PKCS#12 MAC verification compared the computed HMAC against the
stored MAC using an attacker-controlled length, allowing a truncated
Get the latest Linux and open source security news straight to your inbox.