VYPR
High severity7.5NVD Advisory· Published Apr 3, 2026· Updated Apr 13, 2026

CVE-2026-28815

CVE-2026-28815

Description

A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime protections. This issue is fixed in swift-crypto version 4.3.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
swift-cryptoSwiftURL
>= 4.0.0, < 4.3.14.3.1

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.