Overview
CVE-2026-28815 is a high-severity vulnerability in Apple's swift-crypto library affecting the X-Wing Hybrid Public Key Encryption (HPKE) implementation. An attacker supplying a specially crafted short encapsulated key can trigger an out-of-bounds read in the C decapsulation code path.
| Field | Detail |
|---|---|
| CVE ID | CVE-2026-28815 |
| CVSS Score | 7.5 (High) |
| Affected | swift-crypto < 4.3.1 |
| Fixed In | swift-crypto 4.3.1 |
| Vector | Network, no authentication required |
| Impact | Crash / memory disclosure |
Vulnerability Details
X-Wing is a hybrid KEM (Key Encapsulation Mechanism) that combines X25519 Diffie-Hellman with ML-KEM-768 (Kyber) for post-quantum resistance. The defect exists in the native C implementation of the decapsulation routine: when the encapsulated key material is shorter than the expected format, a length validation is bypassed, allowing the library to read past the end of an allocated buffer.
Depending on memory layout and platform-level protections (ASLR, guard pages), the result is either:
- Process crash — denial of service for applications performing X-Wing decapsulation
- Memory disclosure — leaking bytes adjacent to the key buffer, potentially exposing sensitive heap data
The flaw is limited to the X-Wing decapsulation path; standard X25519 and ML-KEM-768 operations are unaffected.
Affected Components
- Library:
swift-crypto(Apple) - Component:
CryptoBoringWrapper/ X-Wing HPKE C bindings - Versions: All releases prior to 4.3.1
- Platforms: Any Swift project linking swift-crypto, including server-side Swift, iOS/macOS apps using the library directly
Mitigation
Update swift-crypto to version 4.3.1 or later. In your Package.swift:
.package(url: "https://github.com/apple/swift-crypto.git", from: "4.3.1")Run swift package update to pull the patched version.
If an immediate upgrade is not possible, consider disabling X-Wing HPKE operations at the application layer until the patch can be applied.