CVE-2026-55967
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk0th percentile — higher than 0% of all known CVEs
Summary
A vulnerability in AES-GCM implementation allows counter wrap and keystream reuse when processing extremely large single messages (>64 GiB) via streaming APIs, leading to plaintext recovery.
Risk Assessment
An attacker can decrypt protected data if they can force processing of messages exceeding 64 GiB, compromising confidentiality.
Recommendation
Update the library or software using AES-GCM to a version that properly rejects messages >64 GiB in streaming APIs.
Original NVD description (English source)
AES-GCM encryption/decryption with extremely large cumulative single message sizes (>64 GiB) were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse, and consequent plaintext recovery.

