VYPR
← All advisories
Medium severity6.9GHSA Advisory· Published May 26, 2026· Updated May 26, 2026

netty-incubator-codec-ohttp's HPKEContext operations may produce empty byte[] on failures

CVE-2026-41207

Description

HKDF_expand: returns non-NULL on failure. The byte[] is filled with zeros and has no way to distinguish success from failure. Since this output is used as HKDF key material for the response AEAD, a failure silently produces an all-zero key.

When EVP_HPKE_CTX_export fails it also returns an empty byte[] array filled with zeros. This byte[] feeds directly into OHttpCrypto.createResponseAEAD(...). A silent all-zero export secret would produce a deterministic, attacker-predictable AEAD key.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

HPKEContext failures in netty-incubator-codec-ohttp silently produce all-zero AEAD keys, enabling predictable encryption.

Vulnerability

The HPKEContext operations HKDF_expand and EVP_HPKE_CTX_export in netty-incubator-codec-ohttp return a non-NULL byte[] filled with zeros upon failure, with no way to distinguish success from failure. This zero-filled array is used directly as the export secret for creating the response AEAD via OHttpCrypto.createResponseAEAD(...). Versions prior to 0.0.21.Final are affected [1][2].

Exploitation

An attacker does not require any special privileges; any condition that causes the HPKE context operation to fail—such as invalid input or a resource limitation—will result in a deterministic all-zero AEAD key. The attacker can then predict the key without any additional information, as the failure path consistently produces the same zeroed output [1][2].

Impact

A successful attack results in complete loss of confidentiality and integrity for the encrypted response. The attacker can decrypt all response data and forge arbitrary responses that will be accepted as valid. This directly undermines the security guarantees of OHTTP (Oblivious HTTP) [1][2].

Mitigation

The issue is fixed in version 0.0.21.Final. Users should upgrade to this version or later immediately. No workaround is available [1][2].

References
  1. HPKEContext operations may produce empty byte[] on failures
  2. CVE-2026-41207 - GitHub Advisory Database

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.