CVE Catalog

CVE-2026-55967

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.07%

0th percentile — higher than 0% of all known CVEs

Summary

A vulnerability in AES-GCM implementation allows counter wrap and keystream reuse when processing extremely large single messages (>64 GiB) via streaming APIs, leading to plaintext recovery.

Risk Assessment

An attacker can decrypt protected data if they can force processing of messages exceeding 64 GiB, compromising confidentiality.

Recommendation

Update the library or software using AES-GCM to a version that properly rejects messages >64 GiB in streaming APIs.

Original NVD description (English source)

AES-GCM encryption/decryption with extremely large cumulative single message sizes (>64 GiB) were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse, and consequent plaintext recovery.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS