Main Vulnerability Database SB2026010557

SB2026010557 - Usage of weak ciphers in libtpms

Published: January 5, 2026

Security Bulletin ID SB2026010557

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Cryptographic issues (CVE-ID: CVE-2026-21444)

The vulnerability allows an attacker to potentially decrypt data.

The vulnerability exists due to an error related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps.

Remediation

Install update from vendor's website.

References

https://github.com/stefanberger/libtpms/releases/tag/v0.10.2
https://github.com/stefanberger/libtpms/commit/33c9ff074cb16c1841ce7d7f33643c17c426743a
https://github.com/stefanberger/libtpms/security/advisories/GHSA-7jxr-4j3g-p34f