CVE-2026-44518 Overview
CVE-2026-44518 is an out-of-bounds read vulnerability in liboqs, the Open Quantum Safe C-language cryptographic library that implements post-quantum cryptography algorithms. The flaw affects the stateful signature verification code paths for the eXtended Merkle Signature Scheme (XMSS) and its multi-tree variant XMSS^MT in versions prior to 0.16.0. When the verification routine receives a signature buffer shorter than the expected size for the given parameter set, it fails to validate the caller-supplied length and reads past the buffer boundary. The maintainers fixed the issue in liboqs version 0.16.0.
Critical Impact
Network-reachable attackers can submit malformed XMSS or XMSS^MT signatures to crash the verifying process, producing a denial-of-service condition in applications that consume untrusted post-quantum signatures.
Affected Products
- Open Quantum Safe liboqs versions prior to 0.16.0
- Applications and protocol stacks linking liboqs for XMSS stateful signature verification
- Downstream cryptographic libraries that embed or wrap liboqs XMSS/XMSS^MT routines
Discovery Timeline
- 2026-05-29 - CVE-2026-44518 published to NVD
- 2026-06-04 - Last updated in NVD database
Technical Details for CVE-2026-44518
Vulnerability Analysis
The vulnerability resides in the XMSS and XMSS^MT stateful signature verification code shipped with liboqs. The verifier expects a signature whose length matches the size dictated by the selected parameter set, which encodes tree height, Winternitz parameter, and hash output size. When a caller passes a buffer shorter than that expected size, the implementation does not reject the input. Instead, it continues parsing and reads bytes beyond the end of the supplied buffer. The classification aligns with [CWE-20: Improper Input Validation].
The out-of-bounds bytes are fed only into an internal hash computation. They are never returned to the caller, so the bug does not provide an oracle for leaking adjacent memory contents. The practical observable impact is a crash of the verifying process when the read crosses into an unmapped memory page, producing a denial-of-service condition.
Root Cause
The verification function trusts the caller-provided signature length without comparing it against the parameter-set-derived expected length before dereferencing the buffer. Because XMSS signatures are large and structured, the parser advances through authentication paths and WOTS+ components, repeatedly reading from offsets that may exceed the actual allocation when the input is truncated.
Attack Vector
Exploitation requires only that an attacker can deliver a crafted XMSS or XMSS^MT signature to a process that calls the affected liboqs verification API. No authentication or user interaction is needed. The fix in commit ef70dea7c85e5637f37828d75e5b9bb29dbfe513 introduces explicit length validation against the parameter set before signature parsing.
No verified exploitation code is publicly available. Refer to the GitHub Security Advisory GHSA-wf7v-fhxj-73m2 for the maintainer description.
Detection Methods for CVE-2026-44518
Indicators of Compromise
- Unexpected SIGSEGV or access-violation crashes in processes that call liboqs XMSS or XMSS^MT verification functions.
- Core dumps showing faults inside liboqs XMSS verify routines while parsing signature buffers.
- Repeated short or malformed signature submissions to services that accept post-quantum signatures.
Detection Strategies
- Inventory binaries and containers that statically or dynamically link liboqs below version 0.16.0 using software composition analysis.
- Instrument verification endpoints to log signature length and reject inputs whose length does not match the declared XMSS parameter set.
- Run fuzzing harnesses against the XMSS/XMSS^MT verify API with truncated signature inputs to surface vulnerable builds.
Monitoring Recommendations
- Alert on abnormal termination rates of services that perform post-quantum signature verification.
- Capture and review crash telemetry from cryptographic worker processes for stack frames inside XMSS verification.
- Track inbound traffic patterns that include malformed or undersized signature payloads against TLS, code-signing, or messaging endpoints using post-quantum signatures.
How to Mitigate CVE-2026-44518
Immediate Actions Required
- Upgrade liboqs to version 0.16.0 or later across all build pipelines, container images, and deployed binaries.
- Rebuild and redeploy any downstream libraries or applications that statically link liboqs.
- Audit application code to enforce a length check on signature inputs before invoking XMSS or XMSS^MT verification.
Patch Information
The vulnerability is fixed in liboqs0.16.0. The fix is delivered in upstream commit ef70dea7c85e5637f37828d75e5b9bb29dbfe513, which adds the missing length validation in the XMSS and XMSS^MT verification path. Full details are documented in the Open Quantum Safe Security Advisory GHSA-wf7v-fhxj-73m2.
Workarounds
- Wrap calls to the XMSS verification API with caller-side checks that compare the signature length against the parameter-set-defined expected length before dispatching to liboqs.
- Disable XMSS and XMSS^MT algorithm support in services that do not require stateful hash-based signatures until the patched library is deployed.
- Restrict network exposure of services that accept untrusted post-quantum signatures and rate-limit signature verification requests.
# Verify the installed liboqs version and rebuild against 0.16.0
pkg-config --modversion liboqs
git clone --branch 0.16.0 https://github.com/open-quantum-safe/liboqs.git
cmake -S liboqs -B liboqs/build -DOQS_BUILD_ONLY_LIB=ON
cmake --build liboqs/build --parallel
sudo cmake --install liboqs/build
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
