CNNVD-202601-4330 Information
Jan 26, 2026
cve
CNNVD ID
CNNVD-202601-4330
Related CVE
- CNNVD Published: 2026-01-26
Description (Chinese)
dcap-qvl是Phala开源的一个机密计算开发库。 dcap-qvl 0.3.9之前版本存在数据伪造问题漏洞,该漏洞源于加密验证过程存在关键缺陷,可能允许攻击者伪造QE身份数据并绕过远程证明安全模型。
Description (English)
dcap-qvl is a confidential computing developer for the PHala open source. The previous version of dcap-qvl 0.3.9 had a loophole in the problem of data forgery, which stemmed from the key flaws in the encryption certification process, which might allow the assailants to forge QE identification data and bypass remote proof security models.
Hazard Level
Low
Vulnerability Type
数据伪造问题
Affected Vendor
Phala
Published
2026-01-26
Last Modified
2026-02-24
References
https://github.com/Phala-Network/dcap-qvl/security/advisories/GHSA-796p-j2gh-9m2q
Patch
https://github.com/Phala-Network/dcap-qvl/releases
Share on: