CVE-2026-41509
CriticalSummary
The CROSS implementation includes reference and optimized implementations of the CROSS post-quantum signature algorithm. Prior to commit fc6b7e7, there was a buffer overflow in crypto_sign_open() caused by an underflow of the integer mlen.
Risk Assessment
The buffer overflow vulnerability could lead to unauthorized access or execution of malicious code, posing a serious security threat to the system.
Recommendation
It is recommended to update to the version containing the fix fc6b7e7 to eliminate this vulnerability.
Original NVD description (English source)
CROSS implementation contains reference and optimized implementations of the CROSS post-quantum signature algorithm. Prior to commit fc6b7e7, there is a buffer overflow in crypto_sign_open() caused by an underflow of the integer mlen. This issue has been patched via commit fc6b7e7.

