CVE-2026-28815
Received Received - Intake
Out-of-Bounds Read in Swift-Crypto HPKE Causes Crash, Data Leak

Publication date: 2026-04-03

Last updated on: 2026-04-13

Assigner: Apple Inc.

Description
A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime protections. This issue is fixed in swift-crypto version 4.3.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-03
Last Modified
2026-04-13
Generated
2026-06-16
AI Q&A
2026-04-03
EPSS Evaluated
2026-06-15
NVD
CVE-2026-28815
EUVD
EUVD-2026-18570
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
apple swift-crypto From 4.0.0 (inc) to 4.3.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Detection Guidance

This vulnerability can be detected by testing the behavior of the HPKE.Recipient initialization in the Apple Swift Crypto library when supplied with encapsulated keys of incorrect length.

A proof of concept involves passing a deliberately short encapsulated key (e.g., 1 byte instead of the required 1120 bytes) to the decapsulation function and observing if it triggers an out-of-bounds read or crash.

Running the vulnerable code with AddressSanitizer enabled can help detect dynamic stack buffer overflow reads caused by this issue.

  • Use a test case that initializes an HPKE.Recipient with a malformed encapsulated key shorter than 1120 bytes.
  • Run the application or test with AddressSanitizer or similar memory safety tools to detect out-of-bounds reads or crashes.
Mitigation Strategies

The immediate mitigation step is to upgrade the Apple Swift Crypto library to version 4.3.1 or later, where the vulnerability is fixed by adding proper length validation before passing encapsulated ciphertext to the C API.

Avoid using vulnerable versions (4.0.0 to 4.3.0) of the Swift Crypto library in your environment until the update is applied.

Executive Summary

CVE-2026-28815 is a memory safety vulnerability in the Apple Swift Crypto library's X-Wing HPKE decapsulation implementation. The issue occurs because the decapsulation function accepts an attacker-controlled encapsulated ciphertext of arbitrary length without checking that it is exactly 1120 bytes as required.

The vulnerable function forwards this input directly to a C API that expects a fixed-size buffer of 1120 bytes. If a shorter input is provided, the C code reads beyond the buffer boundary, causing an out-of-bounds read.

This can lead to crashes or potential memory disclosure depending on runtime protections. The flaw is exploitable when initializing an HPKE.Recipient object with a malformed encapsulated key.

The vulnerability is fixed in Swift Crypto version 4.3.1 by adding proper length validation before passing data to the C API.

Impact Analysis

This vulnerability allows a remote attacker to supply a malformed, short encapsulated key that triggers an out-of-bounds read in the C decapsulation code.

The impact can include application crashes or potential memory disclosure, which might expose sensitive information depending on the runtime environment's protections.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-28815. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart