CVE-2026-41509

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions CROSS versions prior to commit fc6b7e7

Description A buffer overflow exists in the crypto sign open() function caused by an underflow of the mlen integer. This occurs within the reference and optimized implementations of the CROSS post-quantum signature algorithm.

Recommendations Update to the version containing commit fc6b7e7.

Fix

Heap Based Buffer Overflow

Stack Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-122CWE-121

Related Identifiers

CVE-2026-41509

Affected Products

Cross

CVE-2026-41509

Weakness Enumeration

Related Identifiers

Affected Products

References · 4