CVE-2026-10097
ML-KEM-1024 x64 AVX2 implicit rejection failure breaks IND-CCA2 security
Description
ML-KEM-1024 x64 AVX2 implicit rejection failure in the Fujisaki-Okamoto transform breaks IND-CCA2 security, allowing decapsulation to deviate from the implicit-rejection behavior required by the standard. The AVX2 constant-time ciphertext comparison used during decapsulation never compared the final 32-byte block of the 1568-byte ML-KEM-1024 ciphertext, so a ciphertext manipulated only in those final bytes would compare as equal and decapsulation returned the real shared secret instead of performing the required implicit rejection.
INFO
Published Date: June 25, 2026, 7:59 p.m.
Last Modified: June 25, 2026, 7:59 p.m.
Remotely Exploitable: Yes
Source: wolfSSL
Affected Products
The following products are affected by the CVE-2026-10097 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.
No affected product recorded yet.
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| | CVSS 4.0 | MEDIUM | | | | 50d2cd11-d01a-48ed-9441-5bfce9d63b27 |
Solution
- Ensure full ciphertext comparison during decapsulation.
- Implement constant-time comparison for all ciphertext bytes.
- Verify compliance with IND-CCA2 security requirements.
- Apply vendor patches for the ML-KEM implementation.
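As an added illustration of the flaw in the description and of the first two remediation items above (this is a hypothetical model, not wolfSSL's code): a block-wise constant-time compare whose loop bound skips the final 32-byte block of a 1568-byte ciphertext, the corrected bound, the branch-free implicit-rejection key select of the FO transform, and a regression check that tampers only inside the last block. The ciphertext bytes are constructed for the check and are not a real ML-KEM ciphertext.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MLKEM1024_CT_BYTES 1568  /* ML-KEM-1024 ciphertext length */
#define BLOCK 32                 /* width of one comparison block */

/* Hypothetical model of the flaw, not wolfSSL's code: block-wise
 * constant-time compare whose '<' bound stops before the last full block
 * (bytes 1536..1567 of a 1568-byte ciphertext). Returns 1 on mismatch. */
static int ct_compare_flawed(const uint8_t *a, const uint8_t *b, size_t len) {
    unsigned diff = 0;
    for (size_t i = 0; i + BLOCK < len; i += BLOCK)
        for (size_t j = 0; j < BLOCK; j++) diff |= a[i + j] ^ b[i + j];
    return (int)((diff | (0u - diff)) >> 31);  /* 1 iff diff != 0, branch-free */
}

/* Corrected bound: '<=' covers every block up to len. */
static int ct_compare_fixed(const uint8_t *a, const uint8_t *b, size_t len) {
    unsigned diff = 0;
    for (size_t i = 0; i + BLOCK <= len; i += BLOCK)
        for (size_t j = 0; j < BLOCK; j++) diff |= a[i + j] ^ b[i + j];
    return (int)((diff | (0u - diff)) >> 31);
}

/* FO implicit rejection: on mismatch output the rejection key derived
 * from (z, ct) instead of K', selected by mask rather than by branch. */
static void fo_select_key(uint8_t out[32], const uint8_t k_prime[32],
                          const uint8_t k_reject[32], int mismatch) {
    uint8_t mask = (uint8_t)(0u - (unsigned)(mismatch & 1)); /* 0xFF iff mismatch */
    for (int i = 0; i < 32; i++)
        out[i] = (uint8_t)((k_prime[i] & (uint8_t)~mask) | (k_reject[i] & mask));
}

/* Regression check: tamper only inside the final block of a constructed
 * (not real) ciphertext; returns 1 if the compare reports the mismatch,
 * i.e. implicit rejection would fire, and 0 if the tamper goes unnoticed. */
static int last_block_tamper_detected(int (*cmp)(const uint8_t *, const uint8_t *, size_t)) {
    uint8_t ct[MLKEM1024_CT_BYTES], ct2[MLKEM1024_CT_BYTES];
    for (size_t i = 0; i < sizeof ct; i++) ct[i] = (uint8_t)(i * 7u + 3u);
    memcpy(ct2, ct, sizeof ct);
    ct2[MLKEM1024_CT_BYTES - 1] ^= 0x01;    /* flip one bit in the last byte */
    return cmp(ct, ct2, MLKEM1024_CT_BYTES);
}
```

With the flawed compare the check returns 0 (the tampered ciphertext is accepted and the real shared secret would be released); with the fixed compare it returns 1, so the same check can be kept as a unit test against regressions.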