Skip to main content

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

458 CVEs Avg CVSS 6.9 MITRE
62
CRITICAL
205
HIGH
165
MEDIUM
26
LOW
78
POC
0
KEV

Monthly

CVE-2026-56454 MEDIUM This Month

TLS protocol downgrade exposure in HCL DFXAnalytics allows network-positioned attackers to intercept and decrypt sensitive communications by exploiting continued support for deprecated TLS 1.0 and TLS 1.1 protocols. All versions of DFXAnalytics are affected per the wildcard CPE string, with high confidentiality impact and no integrity or availability degradation. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog; however, the CVSS AC:H rating reflects the prerequisite man-in-the-middle network position rather than any inherent technical barrier to exploitation once that position is achieved.

Information Disclosure Dfxanalytics
NVD VulDB
CVSS 3.1
5.9
CVE-2026-57997 MEDIUM PATCH This Month

JWT algorithm confusion in Strapi's users-permissions plugin enables authentication control weakening when the plugin::users-permissions.jwt.algorithm setting is absent from configuration. The plugin silently accepts HS384 and HS512 tokens alongside the intended HS256, allowing an attacker who has already obtained the jwtSecret to mint tokens using non-standard HMAC variants and bypass any algorithm-enforcement logic. No public exploit code is identified at time of analysis and this vulnerability is not listed in CISA KEV; real-world risk is substantially bounded by the prerequisite of jwtSecret compromise, reflected in the CVSS 4.0 score of 6.3 with High Complexity and Presence-of-attack-requirement modifiers.

Authentication Bypass Strapi
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.2%
CVE-2026-9221 HIGH This Week

Session hijacking in the Setracker2 Android companion app (com.tgelec.setracker) version 3.1.5 and earlier stems from the use of MD5 to generate the request signature that authenticates traffic between the mobile client and the backend REST API. Because MD5 is cryptographically broken, an attacker who can observe a signed request may reverse the signature to recover the embedded session ID and then impersonate the legitimate user, issuing authenticated API calls against the kids'/GPS-tracker backend. Reported by CISA ICS-CERT (DHS) and tracked in a CSAF advisory; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Information Disclosure Google
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-6330 MEDIUM PATCH This Month

wolfSSL's ML-KEM ARM64 NEON decapsulation path compares only half of the re-encrypted ciphertext during the Fujisaki-Okamoto implicit rejection step, breaking the IND-CCA2 security proof for post-quantum key exchange on that architecture. This affects any ARM64 deployment of wolfSSL with ML-KEM (FIPS 203) compiled in and in active use. An attacker who can submit adaptively chosen ciphertexts to a decapsulating party - for example via man-in-the-middle position during a post-quantum TLS handshake - may exploit the broken comparison to bypass implicit rejection, potentially enabling shared-secret recovery through repeated adaptive queries. No public exploit has been identified and the vulnerability is not listed in the CISA KEV at time of analysis.

Information Disclosure Wolfssl
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.2%
CVE-2026-6412 LOW PATCH Monitor

wolfSSL's certificate chain verification accepted MD5-signed certificates when MD5 was compiled in for any purpose (e.g., TLS 1.0 PRF or HMAC), violating RFC 8446 compliance and the fundamental prohibition on broken hash algorithms in certificate signatures. An attacker with low-level positioning who can influence the certificate chain presented to a wolfSSL-based application could potentially bypass chain integrity checks by presenting an MD5-signed leaf certificate. No public exploit has been identified and no CISA KEV listing exists; the CVSS 4.0 score of 2.3 reflects the high complexity and constrained impact of realistic exploitation.

Information Disclosure Wolfssl
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.1%
CVE-2026-10097 HIGH This Week

Cryptographic decapsulation flaw in wolfSSL's ML-KEM-1024 (Kyber) x86-64 AVX2 code path (versions 5.7.0 through 5.9.1) breaks IND-CCA2 security by failing to compare the final 32-byte block of the 1568-byte ciphertext during the constant-time check, so the Fujisaki-Okamoto transform's mandatory implicit rejection is bypassed. An attacker acting as a chosen-ciphertext oracle can submit ciphertexts altered only in those trailing bytes and have decapsulation return the genuine shared secret rather than a rejection value. There is no public exploit identified at time of analysis, the EPSS score is very low (0.15%, 5th percentile), and CISA SSVC rates exploitation as none with partial technical impact.

Information Disclosure Wolfssl
NVD GitHub
CVSS 4.0
8.3
EPSS
0.2%
CVE-2026-54780 NuGet LOW PATCH GHSA Monitor

WS-Security DigestMethod validation in CoreWCF's receive pipeline can be bypassed, allowing a remote sender to present XML Digital Signatures that use cryptographically weak per-reference hash algorithms (e.g., SHA-1) even when the configured SecurityAlgorithmSuite explicitly prohibits them. Affected are all CoreWCF.Primitives releases below v1.8.1 and the 1.9.0 release (pre-1.9.1). The service silently accepts these weakened signatures as policy-compliant, undermining the integrity guarantees that the algorithm suite is designed to enforce. No public exploit or CISA KEV listing exists; the vendor has released patches in v1.8.1 and v1.9.1 with no available workaround.

Information Disclosure
NVD GitHub
CVSS 3.1
3.7
EPSS
0.2%
CVE-2026-40641 MEDIUM This Month

Broken or risky cryptographic algorithm use in Dell PowerFlex Manager 4.6.0.1 exposes network-accessible infrastructure management communications to potential interception and modification. Remote unauthenticated attackers who achieve the requisite network positioning - consistent with the CVSS AC:H rating - could exploit weak or deprecated cryptographic primitives to partially disclose sensitive management data (C:L) or tamper with communications in transit (I:L). Dell has published advisory DSA-2026-066 under the multi-CVE release DSA-2026-066; no public exploit code and no active exploitation (CISA KEV absent) have been identified at time of analysis.

Dell Information Disclosure Powerflex
NVD VulDB
CVSS 3.1
4.8
EPSS
0.1%
CVE-2026-9261 HIGH This Week

Weak SSH cryptographic algorithms in Canon EOS Network Setting Tool version 1.5.0 and earlier allow network-adjacent attackers to undermine the confidentiality and integrity of SSH sessions used by the tool, per Canon PSIRT advisory CP2026-005. The CVSS 4.0 vector (AV:N/AC:H/UI:P/VC:H/VI:H) reflects high attack complexity and required user interaction, and there is no public exploit identified at time of analysis.

Information Disclosure Eos Network Setting Tool
NVD
CVSS 4.0
7.6
EPSS
0.2%
CVE-2026-50086 CRITICAL PATCH Act Now

Unauthenticated cryptographic oracle exposure in the Aqara IAM/SSO gateway (gw-builder.aqara.com) lets remote attackers submit data for bidirectional AES encrypt/decrypt operations performed with the platform's signing key, with no authentication required. Because the same key that signs SSO tokens can be exercised as an oracle, an attacker can recover protected material and potentially forge or manipulate signed authentication tokens (tagged Authentication Bypass). Publicly available exploit code exists (SSVC exploitation=poc) and CISA's SSVC rates it automatable with total technical impact, though EPSS remains very low at 0.06%.

Authentication Bypass Aqara Iam Sso Gateway
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVSS 5.9
MEDIUM This Month

TLS protocol downgrade exposure in HCL DFXAnalytics allows network-positioned attackers to intercept and decrypt sensitive communications by exploiting continued support for deprecated TLS 1.0 and TLS 1.1 protocols. All versions of DFXAnalytics are affected per the wildcard CPE string, with high confidentiality impact and no integrity or availability degradation. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog; however, the CVSS AC:H rating reflects the prerequisite man-in-the-middle network position rather than any inherent technical barrier to exploitation once that position is achieved.

Information Disclosure Dfxanalytics
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

JWT algorithm confusion in Strapi's users-permissions plugin enables authentication control weakening when the plugin::users-permissions.jwt.algorithm setting is absent from configuration. The plugin silently accepts HS384 and HS512 tokens alongside the intended HS256, allowing an attacker who has already obtained the jwtSecret to mint tokens using non-standard HMAC variants and bypass any algorithm-enforcement logic. No public exploit code is identified at time of analysis and this vulnerability is not listed in CISA KEV; real-world risk is substantially bounded by the prerequisite of jwtSecret compromise, reflected in the CVSS 4.0 score of 6.3 with High Complexity and Presence-of-attack-requirement modifiers.

Authentication Bypass Strapi
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH This Week

Session hijacking in the Setracker2 Android companion app (com.tgelec.setracker) version 3.1.5 and earlier stems from the use of MD5 to generate the request signature that authenticates traffic between the mobile client and the backend REST API. Because MD5 is cryptographically broken, an attacker who can observe a signed request may reverse the signature to recover the embedded session ID and then impersonate the legitimate user, issuing authenticated API calls against the kids'/GPS-tracker backend. Reported by CISA ICS-CERT (DHS) and tracked in a CSAF advisory; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Information Disclosure Google
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

wolfSSL's ML-KEM ARM64 NEON decapsulation path compares only half of the re-encrypted ciphertext during the Fujisaki-Okamoto implicit rejection step, breaking the IND-CCA2 security proof for post-quantum key exchange on that architecture. This affects any ARM64 deployment of wolfSSL with ML-KEM (FIPS 203) compiled in and in active use. An attacker who can submit adaptively chosen ciphertexts to a decapsulating party - for example via man-in-the-middle position during a post-quantum TLS handshake - may exploit the broken comparison to bypass implicit rejection, potentially enabling shared-secret recovery through repeated adaptive queries. No public exploit has been identified and the vulnerability is not listed in the CISA KEV at time of analysis.

Information Disclosure Wolfssl
NVD GitHub VulDB
EPSS 0% CVSS 2.3
LOW PATCH Monitor

wolfSSL's certificate chain verification accepted MD5-signed certificates when MD5 was compiled in for any purpose (e.g., TLS 1.0 PRF or HMAC), violating RFC 8446 compliance and the fundamental prohibition on broken hash algorithms in certificate signatures. An attacker with low-level positioning who can influence the certificate chain presented to a wolfSSL-based application could potentially bypass chain integrity checks by presenting an MD5-signed leaf certificate. No public exploit has been identified and no CISA KEV listing exists; the CVSS 4.0 score of 2.3 reflects the high complexity and constrained impact of realistic exploitation.

Information Disclosure Wolfssl
NVD GitHub VulDB
EPSS 0% CVSS 8.3
HIGH This Week

Cryptographic decapsulation flaw in wolfSSL's ML-KEM-1024 (Kyber) x86-64 AVX2 code path (versions 5.7.0 through 5.9.1) breaks IND-CCA2 security by failing to compare the final 32-byte block of the 1568-byte ciphertext during the constant-time check, so the Fujisaki-Okamoto transform's mandatory implicit rejection is bypassed. An attacker acting as a chosen-ciphertext oracle can submit ciphertexts altered only in those trailing bytes and have decapsulation return the genuine shared secret rather than a rejection value. There is no public exploit identified at time of analysis, the EPSS score is very low (0.15%, 5th percentile), and CISA SSVC rates exploitation as none with partial technical impact.

Information Disclosure Wolfssl
NVD GitHub
EPSS 0% CVSS 3.7
LOW PATCH Monitor

WS-Security DigestMethod validation in CoreWCF's receive pipeline can be bypassed, allowing a remote sender to present XML Digital Signatures that use cryptographically weak per-reference hash algorithms (e.g., SHA-1) even when the configured SecurityAlgorithmSuite explicitly prohibits them. Affected are all CoreWCF.Primitives releases below v1.8.1 and the 1.9.0 release (pre-1.9.1). The service silently accepts these weakened signatures as policy-compliant, undermining the integrity guarantees that the algorithm suite is designed to enforce. No public exploit or CISA KEV listing exists; the vendor has released patches in v1.8.1 and v1.9.1 with no available workaround.

Information Disclosure
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM This Month

Broken or risky cryptographic algorithm use in Dell PowerFlex Manager 4.6.0.1 exposes network-accessible infrastructure management communications to potential interception and modification. Remote unauthenticated attackers who achieve the requisite network positioning - consistent with the CVSS AC:H rating - could exploit weak or deprecated cryptographic primitives to partially disclose sensitive management data (C:L) or tamper with communications in transit (I:L). Dell has published advisory DSA-2026-066 under the multi-CVE release DSA-2026-066; no public exploit code and no active exploitation (CISA KEV absent) have been identified at time of analysis.

Dell Information Disclosure Powerflex
NVD VulDB
EPSS 0% CVSS 7.6
HIGH This Week

Weak SSH cryptographic algorithms in Canon EOS Network Setting Tool version 1.5.0 and earlier allow network-adjacent attackers to undermine the confidentiality and integrity of SSH sessions used by the tool, per Canon PSIRT advisory CP2026-005. The CVSS 4.0 vector (AV:N/AC:H/UI:P/VC:H/VI:H) reflects high attack complexity and required user interaction, and there is no public exploit identified at time of analysis.

Information Disclosure Eos Network Setting Tool
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Unauthenticated cryptographic oracle exposure in the Aqara IAM/SSO gateway (gw-builder.aqara.com) lets remote attackers submit data for bidirectional AES encrypt/decrypt operations performed with the platform's signing key, with no authentication required. Because the same key that signs SSO tokens can be exercised as an oracle, an attacker can recover protected material and potentially forge or manipulate signed authentication tokens (tagged Authentication Bypass). Publicly available exploit code exists (SSVC exploitation=poc) and CISA's SSVC rates it automatable with total technical impact, though EPSS remains very low at 0.06%.

Authentication Bypass Aqara Iam Sso Gateway
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy