CVE-2026-21444 – libtpms returns wrong initialization vector when certain symmetric ciphers are used

CVE ID : CVE-2026-21444

Published : Jan. 2, 2026, 7:15 p.m. | 1 hour, 9 minutes ago

Description : libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps. The highest threat from this vulnerability is to data confidentiality. Version 0.10.2 fixes the issue. No known workarounds are available.

Severity: 5.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2026-21444 – libtpms returns wrong initialization vector when certain symmetric ciphers are used

تکمیل ظرفیت سرور لهستان

سرور مناسب برای ترید و ارز دیجیتال

دیتاسنتر جدید در لهستان

سرور های جدید از اسپانیا

AMD EPYC & Ryzen از کشور انگلستان

آفر های جدید AMD EPYC و AMD Ryzen

آفر سرور اختصاصی از آمریکا

افزایش قیمت دامنه های ir از ۳۱ خرداد

افزایش قیمت جهانی دامنه .com

آفر های جدید سرور اختصاصی مرداد 1403

CVE-2026-21449 – Bagisto has SSTI via first and last name from low-privilege user (not admin)

سرور های جدید از روسیه-وارز

تخفیف ویژه دامنه .ASIA

ثبت دامنه .IO

انتقال رایگان پسوند دامنه PW

Kerio Control 9.2.4 Build 2223

نوشته های مشابه

CVE-2025-64123 – Nuvation Energy nCloud Client-to-Client Communication

CVE-2025-64122 – Nuvation Energy Multi-Stack Controller Private Key Stored on Device

CVE-2025-64121 – Nuvation Energy Multi-Stack Controller Authentication Bypass

CVE-2025-64120 – Nuvation Energy Multi-Stack Controller OS Command Injection