CVE-2026-35199 Overview
A heap buffer overflow vulnerability exists in Microsoft SymCrypt, the core cryptographic function library used by Windows. The flaw occurs in the SymCryptXmssSign function when processing XMSS^MT parameter sets with a total tree height of 32 or greater. The function passes a 64-bit leaf count value to a helper function that only accepts a 32-bit parameter, causing silent truncation to zero. This results in a drastically undersized scratch buffer allocation, followed by a heap buffer overflow during signature computation.
Critical Impact
Successful exploitation could lead to denial of service through memory corruption and potential integrity issues when an attacker can control XMSS^MT parameter sets during signature operations.
Affected Products
- Microsoft SymCrypt versions 103.5.0 to before 103.11.0
- Windows systems utilizing vulnerable SymCrypt library versions
- Applications implementing XMSS^MT signing using SymCrypt
Discovery Timeline
- April 6, 2026 - CVE-2026-35199 published to NVD
- April 7, 2026 - Last updated in NVD database
Technical Details for CVE-2026-35199
Vulnerability Analysis
This vulnerability is classified as CWE-122 (Heap-based Buffer Overflow). The flaw stems from an integer truncation issue in the cryptographic signature processing workflow. When the SymCryptXmssSign function handles XMSS^MT parameter sets configured with a total tree height of 32 or more (including standard predefined parameters), a 64-bit value representing the leaf count is incorrectly passed to an internal helper function expecting a 32-bit integer.
The truncation silently converts the leaf count to zero, which causes the subsequent scratch buffer allocation to be significantly undersized. When the signature computation proceeds, it writes beyond the allocated buffer boundaries, resulting in heap memory corruption.
Root Cause
The root cause is a numeric truncation error where a 64-bit integer is implicitly cast to a 32-bit integer when calling an internal helper function. For tree heights below 32, this truncation has no effect since the leaf count fits within 32 bits. However, for tree heights of 32 or greater, the high-order bits are silently discarded, resulting in a zero value and subsequent undersized memory allocation.
Attack Vector
The attack vector requires local access and low privileges, with no user interaction needed. Exploitation requires an application using SymCrypt to perform an XMSS^MT signature with an attacker-controlled parameter set. While this is an uncommon scenario since signing operations typically use trusted private keys, the vulnerability could be triggered in specific use cases:
The vulnerability is mitigated by several factors: XMSS(^MT) signing is intended for Hardware Security Module (HSM) environments only, signing operations inherently require private key trust, and XMSS(^MT) signing in SymCrypt is provided primarily for testing purposes. Stateful signature schemes like XMSS(^MT) require guarantees against state reuse that software alone cannot provide, which is why this functionality is not FIPS approved outside HSMs.
For technical details regarding the vulnerability mechanism, refer to the GitHub Security Advisory.
Detection Methods for CVE-2026-35199
Indicators of Compromise
- Unexpected application crashes during cryptographic signing operations involving XMSS^MT parameter sets
- Memory corruption errors or heap-related exceptions in applications using SymCrypt
- Abnormal behavior in signature computation workflows with tree heights of 32 or greater
Detection Strategies
- Monitor for crashes or exceptions in processes utilizing SymCrypt library functions
- Implement memory protection mechanisms to detect heap buffer overflows
- Audit applications for usage of XMSS^MT signing functionality with non-standard or attacker-controllable parameters
Monitoring Recommendations
- Enable heap integrity checking on systems running applications that use SymCrypt for XMSS^MT operations
- Deploy endpoint detection and response (EDR) solutions capable of identifying heap overflow exploitation attempts
- Monitor security advisories from Microsoft for additional guidance and detection signatures
How to Mitigate CVE-2026-35199
Immediate Actions Required
- Update Microsoft SymCrypt to version 103.11.0 or later immediately
- Audit applications to identify any use of XMSS^MT signing functionality outside of HSM environments
- Restrict XMSS^MT parameter set configurations to trusted, non-attacker-controllable sources
Patch Information
Microsoft has addressed this vulnerability in SymCrypt version 103.11.0. The fix corrects the integer handling in the SymCryptXmssSign function to properly pass 64-bit leaf count values to helper functions, preventing the buffer size miscalculation. Organizations should update to the patched version through their standard Windows update channels or by obtaining the updated SymCrypt library directly from Microsoft's repositories.
For detailed patch information, see the GitHub Security Advisory.
Workarounds
- Avoid using XMSS^MT signing functionality in SymCrypt outside of HSM environments
- Ensure parameter sets used for XMSS^MT operations are from trusted sources and not attacker-controllable
- Consider disabling XMSS^MT signing functionality until patching is complete if it is not required for production operations
# Verify SymCrypt version to confirm patch status
# Check installed SymCrypt library version
# Windows: Review symcrypt.dll version in System32
# Update to version 103.11.0 or later to remediate CVE-2026-35199
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
