CVE-2026-32600

Name of the Vulnerable Software and Affected Versions xml-security versions prior to 2.3.1 xml-security version 1.13.9

Description The library lacks validation of the authentication tag length when decrypting XML nodes encrypted with aes-128-gcm, aes-192-gcm, or aes-256-gcm. This allows an attacker to brute-force an authentication tag, recover the GHASH key, and decrypt the encrypted nodes. It also enables the forging of arbitrary ciphertexts without knowing the encryption key. The GHASH key is a string of bits used in Galois/Counter Mode (GCM) for authentication. If static symmetric keys are used, these keys should be rotated as they may have been compromised. The issue can be exploited by observing XML parsing errors that occur after modifying the ciphertext.

Recommendations Update to xml-security version 2.3.1 or later. Update to xml-security version 1.13.9 or later.