CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-28815

A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime protections. This issue is fixed in swift-crypto version 4.3.1.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 13.8%

CVSS Severity

CVSS v3 Score 7.5

References

https://github.com/apple/swift-crypto/security/advisories/GHSA-9m44-rr2w-ppp7

Products affected by CVE-2026-28815

Apple » Swift-Crypto » Version: Any

cpe:2.3:a:apple:swift-crypto:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-28815

Products

Pricing

Contact Us