This page collects WhisperX intelligence signals tagged #cryptographic vulnerability. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A cryptographic vulnerability has been identified in the Bouncy Castle Java library's bcpkix module, enabling the PKIX draft CompositeVerifier to accept empty signature sequences as valid. The flaw, tracked as CVE-2026-5588, affects all versions from 1.49 to 1.84 and carries a CVSS severity score of 6.3 (moderate). Th...
A critical cryptographic vulnerability has been identified in the `dispatch_contract.py` module, where the HMAC envelope signing mechanism fails to incorporate the `payload` field into its canonical signing input. The flaw, located at lines 107–123 in the `_sign_envelope_payload` function, signs only metadata fields—`a...
A critical cryptographic vulnerability in the Bouncy Castle BC-JAVA library allows empty signature sequences to pass verification checks under certain PKIX configurations. The flaw, tracked as CVE-2026-5588 and classified under CWE-327 (Use of Broken or Risky Cryptographic Algorithm), affects the bcpkix module across m...
A security researcher has raised concerns over the use of `scalarmult` output directly as a shared cryptographic key in a three-party communication scheme, warning that this approach contradicts established best practices documented in the official libsodium documentation. The issue centers on a implementation that de...