Abhinav Agarwal

OpenSSL's ARM64 SM2 Path Leaks a Private-Key Timing Fingerprint

OpenSSL's optimized SM2 scalar multiplication has data-dependent branches on the private key. Direct measurement of the EC_POINT_mul call used by SM2 decrypt shows a correlation of r = -0.9828 between runtime and the private key's zero-nibble count, with a slope of -389 ns per zero nibble. This leaks a stable aggregate private-key fingerprint (~3 bits), and the same non-constant-time branch pattern may expose richer traces to cache-based attacks. ARM64 and RISC-V only. SM2 is required for systems subject to Chinese commercial cryptography regulations.

A 992-Byte PDF That Crashes Poppler (and an lcms2 Bug That Also Hits OpenJDK and Friends)

lcms2's CubeSize() performs its overflow check only after the uint32 multiply has already wrapped. A crafted ICC profile with ≥5 CLUT channels makes it return a wrapped value, the caller undersizes the CLUT buffer, and the interpolator reads past the end. A 992-byte PDF crashes Poppler; a one-line Java call crashes OpenJDK 21; lcms2's own transicc -l tool crashes. CVE-2026-41254 published at 7.5 High (NVD); fix landed in the lcms2.19rc1 pre-release.