NVD HIGH: CVE-2026-10097 — wolfSSL's AVX2-optimized ML-KEM implementation (mlkem_cmp_avx2) compares only 15...
wolfSSL's AVX2-optimized ML-KEM implementation (mlkem_cmp_avx2) compares only 1536 of the 1568 ciphertext bytes during the Fujisaki-Okamoto re-encryption check in ML-KEM-1024 decapsulation. Ciphertexts that differ from the expected re-encryption solely in bytes 1536-1567 bypass implicit rejection and are accepted as valid, breaking IND-CCA2 security. An attacker able to submit chosen ciphertexts t
CVE-2026-10097