
CVE-2026-50268

Low · CVSS 1.9

Exploitation Probability (EPSS)

Low risk
0.05%

0th percentile — higher than 0% of all known CVEs

Summary

In versions 4.0.0 through 4.1.0 of the Steeltoe.Configuration.Encryption library, configuring `encrypt:rsa:algorithm=OAEP` does not enable OAEP encryption because of an incorrect BouncyCastle transformation string. Instead, the `OAEP` setting selects PKCS#1 v1.5, the same algorithm that the `DEFAULT` setting uses.

Risk Assessment

Organizations that configured `OAEP` in the affected versions are actually encrypting with PKCS#1 v1.5. They may be exposed to attacks that exploit weaknesses in the PKCS#1 v1.5 algorithm, potentially leading to unauthorized access to data.

Recommendation

Upgrade to version 4.2.0 of the Steeltoe.Configuration.Encryption library, which patches this vulnerability.

Original NVD description (English source)

Steeltoe is an open source project that provides a collection of libraries that help users build cloud-native applications. In Steeltoe.Configuration.Encryption 4.0.0 through 4.1.0, configuring `encrypt:rsa:algorithm=OAEP` does not enable OAEP encryption. Due to an incorrect BouncyCastle transformation string, the `OAEP` setting selects PKCS#1 v1.5, which is the same algorithm as the `DEFAULT` setting. Steeltoe.Configuration.Encryption version 4.2.0 patches the issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS