{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32953", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-17T00:05:53.285Z", "datePublished": "2026-03-20T04:24:12.374Z", "dateUpdated": "2026-03-20T18:08:15.041Z"}, "containers": {"cna": {"title": "Tillitis: TKey Client has an Error in Protocol Implementation", "problemTypes": [{"descriptions": [{"cweId": "CWE-303", "lang": "en", "description": "CWE-303: Incorrect Implementation of Authentication Algorithm", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "PHYSICAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H", "version": "4.0"}}], "references": [{"name": "https://github.com/tillitis/tkeyclient/security/advisories/GHSA-4w7r-3222-8h6v", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/tillitis/tkeyclient/security/advisories/GHSA-4w7r-3222-8h6v"}, {"name": "https://github.com/tillitis/tkeyclient/commit/4954dccf0287657edf8d405057e134cdff9c59e8", "tags": ["x_refsource_MISC"], "url": "https://github.com/tillitis/tkeyclient/commit/4954dccf0287657edf8d405057e134cdff9c59e8"}, {"name": "https://github.com/tillitis/tkeyclient/releases/tag/v1.3.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/tillitis/tkeyclient/releases/tag/v1.3.0"}], "affected": [{"vendor": "tillitis", "product": "tkeyclient", "versions": [{"version": "< 1.3.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-20T04:24:12.374Z"}, "descriptions": [{"lang": "en", "value": "Tillitis TKey Client package is a Go package for a TKey client. Versions 1.2.0 and below contain a critical bug in the tkeyclient Go module which causes 1 out of every 256 User Supplied Secrets (USS) to be silently ignored, producing the same Compound Device Identifier (CDI)\u2014and thus the same key material\u2014as if no USS is provided. This happens because a buffer index error overwrites the USS-enabled boolean with the first byte of the USS digest, so any USS whose hash starts with 0x00 is effectively discarded. This issue has been fixed in version 1.3.0. Users unable to upgrade immediately should switch to a USS whose hash does not begin with a zero byte."}], "source": {"advisory": "GHSA-4w7r-3222-8h6v", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-20T16:34:24.939980Z", "id": "CVE-2026-32953", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T18:08:15.041Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32953", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-20T16:34:24.939980Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T16:34:32.594Z"}}], "cna": {"title": "Tillitis: TKey Client has an Error in Protocol Implementation", "source": {"advisory": "GHSA-4w7r-3222-8h6v", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.7, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "LOW"}}], "affected": [{"vendor": "tillitis", "product": "tkeyclient", "versions": [{"status": "affected", "version": "< 1.3.0"}]}], "references": [{"url": "https://github.com/tillitis/tkeyclient/security/advisories/GHSA-4w7r-3222-8h6v", "name": "https://github.com/tillitis/tkeyclient/security/advisories/GHSA-4w7r-3222-8h6v", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/tillitis/tkeyclient/commit/4954dccf0287657edf8d405057e134cdff9c59e8", "name": "https://github.com/tillitis/tkeyclient/commit/4954dccf0287657edf8d405057e134cdff9c59e8", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/tillitis/tkeyclient/releases/tag/v1.3.0", "name": "https://github.com/tillitis/tkeyclient/releases/tag/v1.3.0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Tillitis TKey Client package is a Go package for a TKey client. Versions 1.2.0 and below contain a critical bug in the tkeyclient Go module which causes 1 out of every 256 User Supplied Secrets (USS) to be silently ignored, producing the same Compound Device Identifier (CDI)\u2014and thus the same key material\u2014as if no USS is provided. This happens because a buffer index error overwrites the USS-enabled boolean with the first byte of the USS digest, so any USS whose hash starts with 0x00 is effectively discarded. This issue has been fixed in version 1.3.0. Users unable to upgrade immediately should switch to a USS whose hash does not begin with a zero byte."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-303", "description": "CWE-303: Incorrect Implementation of Authentication Algorithm"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-20T04:24:12.374Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32953", "state": "PUBLISHED", "dateUpdated": "2026-03-20T18:08:15.041Z", "dateReserved": "2026-03-17T00:05:53.285Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-20T04:24:12.374Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tillitis:tkey_client:*:*:*:*:*:go:*:*", "matchCriteriaId": "69DA71F2-9C6E-443F-977D-480ED94F7BCB", "versionEndExcluding": "1.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Tillitis TKey Client package is a Go package for a TKey client. Versions 1.2.0 and below contain a critical bug in the tkeyclient Go module which causes 1 out of every 256 User Supplied Secrets (USS) to be silently ignored, producing the same Compound Device Identifier (CDI)\u2014and thus the same key material\u2014as if no USS is provided. This happens because a buffer index error overwrites the USS-enabled boolean with the first byte of the USS digest, so any USS whose hash starts with 0x00 is effectively discarded. This issue has been fixed in version 1.3.0. Users unable to upgrade immediately should switch to a USS whose hash does not begin with a zero byte."}, {"lang": "es", "value": "El paquete Tillitis TKey Client es un paquete Go para un cliente TKey. Las versiones 1.2.0 e inferiores contienen un error cr\u00edtico en el m\u00f3dulo Go tkeyclient que provoca que 1 de cada 256 Secretos Suministrados por el Usuario (USS) sea ignorado silenciosamente, produciendo el mismo Identificador de Dispositivo Compuesto (CDI) \u2014y por lo tanto el mismo material de clave\u2014 como si no se proporcionara ning\u00fan USS. Esto ocurre porque un error de \u00edndice de b\u00fafer sobrescribe el booleano USS-enabled con el primer byte del resumen del USS, por lo que cualquier USS cuyo hash comience con 0x00 es efectivamente descartado. Este problema ha sido solucionado en la versi\u00f3n 1.3.0. Los usuarios que no puedan actualizar inmediatamente deber\u00edan cambiar a un USS cuyo hash no comience con un byte cero."}], "id": "CVE-2026-32953", "lastModified": "2026-04-16T13:14:09.187", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "PHYSICAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-20T05:16:14.720", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/tillitis/tkeyclient/commit/4954dccf0287657edf8d405057e134cdff9c59e8"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/tillitis/tkeyclient/releases/tag/v1.3.0"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/tillitis/tkeyclient/security/advisories/GHSA-4w7r-3222-8h6v"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-303"}], "source": "security-advisories@github.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.3.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "tkeyclient", "source": "cna", "vendor": "tillitis"}, "product": "tkeyclient", "vendor": "tillitis"}], "analysis": {"en": {"generated_at": "2026-04-17T11:29:48.054501+00:00", "value": {"mitigation_remediation": ["Upgrade to the latest TKey Client version 1.3.0 or newer.", "If an upgrade cannot be performed immediately, generate and use a USS whose hash digest does not begin with a zero byte.", "Regenerate all key material and replace any existing CDIs that may have been affected by the collision."], "summary": {"action": "Upgrade", "impact": "Key material collision leading to duplicate keys"}, "threat_synthesis": {"affected_systems": "All instances of the TKey Client Go package with version 1.2.0 and below are affected. The issue was detected in the source code commit 4954dccf0287657edf8d405057e134cdff9c59e8 and is addressed in release v1.3.0, which replaces the faulty buffer handling logic. Users running any earlier releases should therefore consider their installations vulnerable.", "description_and_impact": "The Tillitis TKey Client package contains a buffer index error in its Go module that silently discards any User Supplied Secret (USS) whose hash starts with 0x00. This causes the client to treat such a USS as if none were supplied, producing the same Compound Device Identifier (CDI) and identical key material as if no USS had been provided. Consequently, 1 out of every 256 intended USS values are effectively ignored, leading to a collision in key generation. The flaw is a protocol implementation error (CWE-303) that undermines the uniqueness of cryptographic keys and can allow an attacker to force duplicate keys, potentially exposing data encrypted with those keys.", "risk_and_exploitability": "The CVSS score is 4.7, indicating moderate severity. The EPSS score indicates an exploitation probability of 7e-05 (0.007%) and the vulnerability is not listed in the CISA KEV catalog, suggesting no publicly known active exploitation. The attack vector is implicit: an attacker who can supply a USS whose hash digest begins with 0x00 can trigger the collision. Since the flaw exists entirely on the client side, exploitation requires control over the USS rather than network access, leading to a moderate but non-zero risk of key duplication and potential data compromise."}}}}, "created": "2026-03-20T08:52:39.863484+00:00", "updated": "2026-04-17T11:30:16.998452+00:00", "vendors": ["tillitis", "tillitis$PRODUCT$tkeyclient"]}