Description

CROSS implementation contains reference and optimized implementations of the CROSS post-quantum signature algorithm. Prior to commit fc6b7e7, there is a buffer overflow in crypto_sign_open() caused by an underflow of the integer mlen. This issue has been patched via commit fc6b7e7.

INFO

Published Date :

2026-05-08T13:47:17.770Z

Last Modified :

2026-05-08T14:15:21.680Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-41509 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-41509.

URL Resource
https://github.com/CROSS-signature/CROSS-implementation/commit/fc6b7e78cdf789bb5c395a81dc601356f1383da0 cve-icon cve-icon
https://github.com/CROSS-signature/CROSS-implementation/security/advisories/GHSA-w72c-hgx8-p7cv cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability