Skip to main content

CROSS Post-Quantum Signature CVE-2026-41509

| EUVDEUVD-2026-28598 MEDIUM
Stack-based Buffer Overflow (CWE-121)
2026-05-08 security-advisories@github.com
6.9
CVSS 4.0 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Source Code Evidence Fetched
May 08, 2026 - 14:32 vuln.today
Analysis Generated
May 08, 2026 - 14:32 vuln.today
CVE Published
May 08, 2026 - 14:16 nvd
MEDIUM 6.9

DescriptionGitHub Advisory

CROSS implementation contains reference and optimized implementations of the CROSS post-quantum signature algorithm. Prior to commit fc6b7e7, there is a buffer overflow in crypto_sign_open() caused by an underflow of the integer mlen. This issue has been patched via commit fc6b7e7.

AnalysisAI

Buffer overflow in CROSS crypto_sign_open() function allows remote attackers to corrupt memory via malformed signature input due to integer underflow in message length validation. The vulnerability affects the reference implementation prior to commit fc6b7e7, enabling potential code execution or denial of service when processing untrusted signatures. The flaw exists in the core cryptographic signing operation with no authentication required, making it exploitable in any system integrating this algorithm for signature verification.

Technical ContextAI

CROSS is a post-quantum cryptographic signature algorithm implemented in C. The vulnerability exists in crypto_sign_open(), a function responsible for verifying and extracting messages from signed data. The root cause is a missing bounds check on the smlen (signed message length) parameter before it is used to calculate memory offsets. When smlen is smaller than the expected signature structure size (sizeof(CROSS_sig_t)), an integer underflow occurs, causing the function to write beyond allocated buffer boundaries on the stack. This is a classic stack-based buffer overflow (CWE-121) in cryptographic message processing code. The affected code path is triggered during signature verification operations, a fundamental operation in any public-key infrastructure using CROSS.

RemediationAI

Update CROSS implementation to commit fc6b7e7 or later, which adds the critical bounds check: if (smlen < (size_t) sizeof(CROSS_sig_t)) { return -1; }. Users should pull the latest code from the CROSS-signature/CROSS-implementation GitHub repository main branch and rebuild. For organizations unable to update immediately, disable CROSS signature verification in production systems until patching is complete, or restrict signature processing to messages of known minimum length validated at the application layer before calling crypto_sign_open(). If CROSS is used in hybrid schemes (with traditional algorithms), fall back to the non-CROSS signature verification path. The patch is a simple defensive check with no performance or compatibility side effects - there is no reason to delay deployment.

Share

CVE-2026-41509 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy