Home / Vulnerability Intelligence / CVE-2026-32600

CVE-2026-32600 - Vulnerability Analysis

HighCVSS: 8.2

Last Updated: March 17, 2026

xml-security - Authentication Bypass

Published: March 16, 2026Updated: March 17, 2026PoC AvailableRemote Exploitable

Overview

xml-security < 2.3.1 and < 1.13.9 contains an authentication tag length validation bypass caused by missing validation in AES-GCM encrypted XML nodes, letting attackers decrypt nodes and forge ciphertexts, exploit requires crafted encrypted XML nodes.

Severity & Score

Severity: High

CVSS Score: 8.2

EPSS Score: 2.1%(Probability of exploitation in next 30 days)

Impact

Attackers can decrypt encrypted XML nodes and forge ciphertexts, compromising confidentiality and integrity of data.

Mitigation

Update to versions 2.3.1 or 1.13.9 or later.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 16, 2026

🟠 CVE-2026-32600 - High (8.2) xml-security is a library that implements XML signatures and encryption. Prior to versions 2.3.1 and 1.13.9, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32600/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-32600
Severity: High
CVSS Score: 8.2
Type: broken_authentication
Status: confirmed
EPSS: 2.1%
Social Posts: 1

CWE

CWE-354

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

EPSS Score

2.1%Probability of exploitation in the next 30 days