Encryption Vulnerability in Steeltoe Configuration by Steeltoe
CVE-2026-50268

1.9 LOW

Key Information:

Vendor
CVE Published: 17 June 2026

What is CVE-2026-50268?

Steeltoe.Configuration.Encryption versions 4.0.0 through 4.1.0 contain a configuration issue that prevents OAEP encryption from being applied as intended. Because of an incorrect transformation string from the BouncyCastle library, the OAEP setting instead falls back to the PKCS#1 v1.5 algorithm, which makes it identical to the DEFAULT setting. Users are encouraged to upgrade to Steeltoe.Configuration.Encryption version 4.2.0 or later to resolve this issue.
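To confirm which padding an RSA block really carries, a key holder can decrypt it and inspect the encoded message. The sketch below is an added example, not Steeltoe or BouncyCastle code. It assumes you can isolate the raw RSA block, that OAEP uses SHA-1 with an empty label, and it uses a constructed demo key and hypothetical function names.

```python
import hashlib

# Constructed demo key (two Mersenne primes); never use such a key for real data.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8          # modulus length in bytes
HLEN = hashlib.sha1().digest_size      # assumption: OAEP with SHA-1, empty label

def mgf1(seed, length):
    out = b""
    for counter in range((length + HLEN - 1) // HLEN):
        out += hashlib.sha1(seed + counter.to_bytes(4, "big")).digest()
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def rsa_raw(block, exponent):
    return pow(int.from_bytes(block, "big"), exponent, N).to_bytes(K, "big")

def encrypt_v15(msg, filler=b"\xaa"):
    # EM = 00 || 02 || nonzero padding || 00 || M  (fixed filler: constructed sample)
    return rsa_raw(b"\x00\x02" + filler * (K - 3 - len(msg)) + b"\x00" + msg, E)

def encrypt_oaep(msg, seed=b"\x11" * HLEN):
    # EM = 00 || maskedSeed || maskedDB  (fixed seed: constructed sample)
    db = hashlib.sha1(b"").digest() + b"\x00" * (K - 2 * HLEN - 2 - len(msg)) + b"\x01" + msg
    masked_db = xor(db, mgf1(seed, len(db)))
    masked_seed = xor(seed, mgf1(masked_db, HLEN))
    return rsa_raw(b"\x00" + masked_seed + masked_db, E)

def classify_padding(ciphertext):
    """Return which padding the RSA block really carries, using the private key."""
    em = rsa_raw(ciphertext, D)
    if em[0] != 0:
        return "unknown"
    # Try OAEP first: unmask and check the label hash and the 01 separator.
    masked_seed, masked_db = em[1:1 + HLEN], em[1 + HLEN:]
    seed = xor(masked_seed, mgf1(masked_db, HLEN))
    db = xor(masked_db, mgf1(seed, len(masked_db)))
    if db[:HLEN] == hashlib.sha1(b"").digest() and db[HLEN:].lstrip(b"\x00")[:1] == b"\x01":
        return "OAEP"
    sep = em.find(b"\x00", 2)
    if em[1] == 2 and sep >= 10:       # at least 8 bytes of nonzero padding
        return "PKCS1-v1_5"
    return "unknown"
```

A value written under the OAEP setting that classifies as PKCS1-v1_5 was produced by an affected version and should be re-encrypted after upgrading.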

Affected Version(s)

Steeltoe.Configuration.Encryption >= 4.0.0, < 4.2.0

CVSS V3.1

Score: 1.9
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
