CVE Catalog

CVE-2026-41509

Critical
Published: Translated: NVD NIST

Summary

The CROSS implementation includes reference and optimized implementations of the CROSS post-quantum signature algorithm. Prior to commit fc6b7e7, there was a buffer overflow in crypto_sign_open() caused by an underflow of the integer mlen.

Risk Assessment

The buffer overflow vulnerability could lead to unauthorized access or execution of malicious code, posing a serious security threat to the system.

Recommendation

It is recommended to update to the version containing the fix fc6b7e7 to eliminate this vulnerability.

Original NVD description (English source)

CROSS implementation contains reference and optimized implementations of the CROSS post-quantum signature algorithm. Prior to commit fc6b7e7, there is a buffer overflow in crypto_sign_open() caused by an underflow of the integer mlen. This issue has been patched via commit fc6b7e7.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS