Confirmed Vulnerabilities

9 issues confirmed by upstream maintainers (6 confirmed, 3 fixed)

Fixed

FixedXTS mode outLen formula in documentation always yields multiple of 16, but implementation does not
HITLS-2026-CRYPTO-001openHiTLS2026-05-19by Toan
Issue
Fixed[Bug]: Incorrect Comments about the reserve blocks property/invariant in XTS mode documentation
HITLS-2026-CRYPTO-002openHiTLS2026-05-19by Toan
Issue
Fixed密钥协商共享密钥(异步路径)未清零
CWE-244 — Improper Clearing of Heap Memory Before Release
OH-2026-CRYPTO-001security_crypto_framework2026-04-23by Zirui
Issue

Confirmed

Confirmed[Bug]: N8nWorkflowConverter maps httpRequest to COMPONENT_TYPE_PLUGIN but raises NotImplementedError instead of calling the existing implementation
AI-2026-CONV-001agent-studio2026-05-19by Toan
Issue
Confirmed[Bug]: Any operation (Update, Reinit, Final) succeeds silently after Deinit — producing wrong output
CWE-459 — Incomplete Cleanup
HITLS-2026-CRYPTO-003openHiTLS2026-05-19by Toan
Issue
Confirmed[Bug]: Reinit succeeds from INIT state (before any Update)
CWE-385 — Missing State Tracking
HITLS-2026-CRYPTO-004openHiTLS2026-05-19by Toan
Issue
Confirmedmerge_cpusets returns Err when one operand is empty — empty string split yields unparsable empty element
CWE-20 — Improper Input Validation
KUASAR-2026-KERNEL-001kuasar2026-05-19by Toan
Issue
Confirmedchecked_compute_delta intermediate sum overflows i64 — clock synchronization fails for large timestamps
CWE-190 — Integer Overflow or Wraparound
KUASAR-2026-KERNEL-002kuasar2026-05-19by Toan
Issue
ConfirmedIpcServerStub::OnRemoteRequest 缺少调用者身份验证
CWE-862 — Missing Authorization
OH-2026-DEVMGR-001distributedhardware_device_manager2026-05-03by Zirui
Issue