Vulnerability in Tillitis Tkeyclient

CVE-2026-32953

Tillitis TKey Client package is a Go package for a TKey client. Versions 1.2.0 and below contain a critical bug in the tkeyclient Go module which causes 1 out of every 256 User Supplied Secrets (USS) to be silently ignored, producing the s…

EPSS: 0.000 (0.8th percentile) — read the EPSS interpretation.

Affected products

Tillitis Tkeyclient — versions < 1.3.0

Weakness classification (CWE)

CWE-303 — Incorrect Implementation of Authentication Algorithm

References

https://github.com/tillitis/tkeyclient/security/advisories/GHSA-4w7r-3222-8h6v (x_refsource_CONFIRM)
https://github.com/tillitis/tkeyclient/commit/4954dccf0287657edf8d405057e134cdff9c59e8 (x_refsource_MISC)
https://github.com/tillitis/tkeyclient/releases/tag/v1.3.0 (x_refsource_MISC)