Security Advisory

CVE-2026-28815

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-03 01:32:28

Last updated 2026-04-03 13:39:46

Assigner apple

State PUBLISHED

Description

A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime protections. This issue is fixed in swift-crypto version 4.3.1.

← Browse all CVEs View on cve.org ↗