PT-2026-1122 · Libtpms+1
Stefanberger · Published 2026-01-02 · Updated 2026-03-25
CVE-2026-21444
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
libtpms versions 0.10.0 through 0.10.1
Description
libtpms, a library providing software emulation of a Trusted Platform Module, contains a flaw impacting data confidentiality. When integrated with OpenSSL 3.x, the library incorrectly returns the initial Initialization Vector (IV) instead of the last IV during symmetric cipher operations. This weakens encryption and decryption processes.
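The effect of handing back the initial IV instead of the last one can be seen in a small model. This is an added example, not libtpms or OpenSSL code: it assumes CBC mode (where the IV for the next call is the last ciphertext block), uses a hash-based toy function as a stand-in for a real block cipher, and all keys, IVs and data are constructed.

```python
import hashlib

BLOCK = 16
KEY = b"constructed-key!"      # constructed sample key
IV = bytes(range(BLOCK))       # constructed sample IV


def toy_block_encrypt(key, block):
    # Stand-in for a real block cipher: NOT secure and not invertible.
    # Only the chaining behaviour matters for this model.
    return hashlib.sha256(key + block).digest()[:BLOCK]


def cbc_encrypt(key, iv, data, buggy=False):
    """Encrypt whole blocks in CBC mode and return (ciphertext, iv_out).

    buggy=True models the flaw: iv_out is the IV passed in,
    not the last ciphertext block.
    """
    if len(data) % BLOCK:
        raise ValueError("data must be a multiple of the block size")
    prev, out = iv, b""
    for i in range(0, len(data), BLOCK):
        mixed = bytes(a ^ b for a, b in zip(data[i:i + BLOCK], prev))
        prev = toy_block_encrypt(key, mixed)
        out += prev
    return out, (iv if buggy else prev)


def encrypt_in_chunks(chunks, buggy):
    # A caller that feeds each returned IV into the next call.
    iv, out = IV, b""
    for chunk in chunks:
        ct, iv = cbc_encrypt(KEY, iv, chunk, buggy)
        out += ct
    return out


def chaining_is_correct(buggy):
    # Chunked encryption must equal encrypting the message in one call.
    msg = b"A" * 32 + b"B" * 32
    one_shot, _ = cbc_encrypt(KEY, IV, msg)
    return encrypt_in_chunks([msg[:32], msg[32:]], buggy) == one_shot


def repeated_chunk_is_visible(buggy):
    # With the stale IV, equal plaintext chunks give equal ciphertext.
    chunk = b"0123456789abcdef" * 2
    ct = encrypt_in_chunks([chunk, chunk], buggy)
    return ct[:32] == ct[32:]
```

The `chaining_is_correct` comparison (chunked output against a single-call encryption) is the kind of regression check that distinguishes a build returning the updated IV from one returning the stale one.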
Recommendations
Update to version 0.10.2 or later.
Exploit
Fix
Use of Insufficiently Random Values
Use of a Broken Cryptographic Algorithm
Affected Products
OpenSSL
libtpms