{"id":"JLSEC-2026-748","summary":"The ML-KEM ARM64 NEON ciphertext comparison only compares half of the input, breaking the...","details":"The ML-KEM ARM64 NEON ciphertext comparison only compares half of the input, breaking the Fujisaki-Okamoto transform's implicit rejection and weakening IND-CCA2 security on that code path. The constant-time comparison effectively ignored part of the re-encrypted ciphertext, so a decapsulating party could fail to detect a manipulated ciphertext and proceed without the standard's required implicit rejection.","modified":"2026-07-18T00:02:22.665699569Z","published":"2026-07-14T21:41:35.775Z","upstream":["CVE-2026-6330","GHSA-89v8-3927-wfcg","EUVD-2026-39570"],"database_specific":{"sources":[{"id":"CVE-2026-6330","imported":"2026-07-17T22:35:35.441Z","modified":"2026-06-27T19:50:17.420Z","published":"2026-06-25T22:17:02.887Z","url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-6330","html_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-6330","database_specific":{"status":"Analyzed"}},{"url":"https://api.github.com/advisories/GHSA-89v8-3927-wfcg","html_url":"https://github.com/advisories/GHSA-89v8-3927-wfcg","id":"GHSA-89v8-3927-wfcg","imported":"2026-07-17T22:35:35.602Z","modified":"2026-06-27T21:30:28Z","published":"2026-06-26T00:32:06Z"},{"id":"EUVD-2026-39570","imported":"2026-07-17T22:35:45.448Z","modified":"2026-06-26T10:20:49Z","published":"2026-06-25T21:01:19Z","url":"https://euvdservices.enisa.europa.eu/api/enisaid?id=EUVD-2026-39570","html_url":"https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-39570"}],"license":"CC-BY-4.0"},"references":[{"type":"WEB","url":"https://github.com/advisories/GHSA-89v8-3927-wfcg"},{"type":"WEB","url":"https://github.com/wolfSSL/wolfssl/pull/10192"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-6330"},{"type":"WEB","url":"https://www.wolfssl.com/docs/security-vulnerabilities"},{"type":"WEB","url":"https://www.wolfssl.com/docs/security-vulnerabilities/"}],"affected":[{"package":{"name":"wolfSSL_jll","ecosystem":"Julia","purl":"pkg:julia/wolfSSL_jll?uuid=98c43586-9870-5ae5-ab22-acc77b9bbdb5"},"ranges":[{"type":"SEMVER","events":[{"introduced":"5.8.4+0"},{"fixed":"5.9.2+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-748.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"}]}