{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32953", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-17T00:05:53.285Z", "datePublished": "2026-03-20T04:24:12.374Z", "dateUpdated": "2026-03-20T04:24:12.374Z"}, "containers": {"cna": {"title": "Tillitis: TKey Client has an Error in Protocol Implementation", "problemTypes": [{"descriptions": [{"cweId": "CWE-303", "lang": "en", "description": "CWE-303: Incorrect Implementation of Authentication Algorithm", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "PHYSICAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H", "version": "4.0"}}], "references": [{"name": "https://github.com/tillitis/tkeyclient/security/advisories/GHSA-4w7r-3222-8h6v", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/tillitis/tkeyclient/security/advisories/GHSA-4w7r-3222-8h6v"}, {"name": "https://github.com/tillitis/tkeyclient/commit/4954dccf0287657edf8d405057e134cdff9c59e8", "tags": ["x_refsource_MISC"], "url": "https://github.com/tillitis/tkeyclient/commit/4954dccf0287657edf8d405057e134cdff9c59e8"}, {"name": "https://github.com/tillitis/tkeyclient/releases/tag/v1.3.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/tillitis/tkeyclient/releases/tag/v1.3.0"}], "affected": [{"vendor": "tillitis", "product": "tkeyclient", "versions": [{"version": "< 1.3.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-20T04:24:12.374Z"}, "descriptions": [{"lang": "en", "value": "Tillitis TKey Client package is a Go package for a TKey client. Versions 1.2.0 and below contain a critical bug in the tkeyclient Go module which causes 1 out of every 256 User Supplied Secrets (USS) to be silently ignored, producing the same Compound Device Identifier (CDI)\u2014and thus the same key material\u2014as if no USS is provided. This happens because a buffer index error overwrites the USS-enabled boolean with the first byte of the USS digest, so any USS whose hash starts with 0x00 is effectively discarded. This issue has been fixed in version 1.3.0. Users unable to upgrade immediately should switch to a USS whose hash does not begin with a zero byte."}], "source": {"advisory": "GHSA-4w7r-3222-8h6v", "discovery": "UNKNOWN"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Tillitis TKey Client package is a Go package for a TKey client. Versions 1.2.0 and below contain a critical bug in the tkeyclient Go module which causes 1 out of every 256 User Supplied Secrets (USS) to be silently ignored, producing the same Compound Device Identifier (CDI)\u2014and thus the same key material\u2014as if no USS is provided. This happens because a buffer index error overwrites the USS-enabled boolean with the first byte of the USS digest, so any USS whose hash starts with 0x00 is effectively discarded. This issue has been fixed in version 1.3.0. Users unable to upgrade immediately should switch to a USS whose hash does not begin with a zero byte."}], "id": "CVE-2026-32953", "lastModified": "2026-03-20T05:16:14.720", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "PHYSICAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-20T05:16:14.720", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/tillitis/tkeyclient/commit/4954dccf0287657edf8d405057e134cdff9c59e8"}, {"source": "security-advisories@github.com", "url": "https://github.com/tillitis/tkeyclient/releases/tag/v1.3.0"}, {"source": "security-advisories@github.com", "url": "https://github.com/tillitis/tkeyclient/security/advisories/GHSA-4w7r-3222-8h6v"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-303"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.3.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "tkeyclient", "source": "cna", "vendor": "tillitis"}, "product": "tkeyclient", "vendor": "tillitis"}], "analysis": {"en": {"generated_at": "2026-03-20T05:21:20.372742+00:00", "value": {"mitigation_remediation": ["Upgrade to the latest TKey Client version 1.3.0 or newer.", "If an upgrade cannot be performed immediately, generate and use a USS whose hash digest does not begin with a zero byte.", "Regenerate all key material and replace any existing CDIs that may have been affected by the collision.", "Verify that updated keys are correctly stored and used by all dependent services.", "Monitor system logs for any indications of duplicated key usage or anomalies in key generation.", "Subscribe to vendor advisories and apply future patches as they become available."], "summary": {"action": "Upgrade", "impact": "Key material collision leading to duplicate keys"}, "threat_synthesis": {"affected_systems": "All instances of the TKey Client Go package with version 1.2.0 and below are affected. The issue was detected in the source code commit 4954dccf0287657edf8d405057e134cdff9c59e8 and is addressed in release v1.3.0, which replaces the faulty buffer handling logic. Users running any earlier releases should therefore consider their installations vulnerable.", "description_and_impact": "The Tillitis TKey Client package contains a buffer index error in its Go module that silently discards any User Supplied Secret (USS) whose hash starts with 0x00. This causes the client to treat such a USS as if none were supplied, producing the same Compound Device Identifier (CDI) and identical key material as if no USS had been provided. Consequently, 1 out of every 256 intended USS values are effectively ignored, leading to a collision in key generation. The flaw is a protocol implementation error (CWE-303) that undermines the uniqueness of cryptographic keys and can allow an attacker to force duplicate keys, potentially exposing data encrypted with those keys.", "risk_and_exploitability": "The CVSS score is 4.7, indicating moderate severity. No EPSS data is available and the vulnerability is not listed in the CISA KEV catalog, suggesting no publicly known active exploitation. The attack vector is implicit: an attacker who can supply a USS whose hash digest begins with 0x00 can trigger the collision. Since the flaw exists entirely on the client side, exploitation requires control over the USS rather than network access, leading to a moderate but non-zero risk of key duplication and potential data compromise."}}}}, "created": "2026-03-20T08:52:39.863484+00:00", "updated": "2026-03-20T10:37:21.564524+00:00", "vendors": ["tillitis", "tillitis$PRODUCT$tkeyclient"]}