CVE-2026-28815
CVSS Score
7.5
EPSS Score
0.0%
EPSS Percentile
4th
A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime protections. This issue is fixed in swift-crypto version 4.3.1.
| Vendor | apple |
| Product | macos |
| Ecosystems | |
| Industries | Technology |
| Published | Apr 3, 2026 |
| Last Updated | Apr 3, 2026 |
Stay Ahead of the Next One
Get instant alerts for apple macos
Be the first to know when new high vulnerabilities affecting apple macos are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Apple / macOS
4.0.0 < 4.3.1