Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Configuration.Encryption 4.0.0 through 4.1.0, configuring encrypt:rsa:algorithm=OAEP does not enable OAEP encryption. Due to an incorrect BouncyCastle transformation string, the OAEP setting selects PKCS#1 v1.5, which is the same algorithm as the DEFAULT setting. Steeltoe.Configuration.Encryption version 4.2.0 patches the issue.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/50xxx/CVE-2026-50268.json",
"cna_assigner": "GitHub_M",
"cwe_ids": [
"CWE-256",
"CWE-327"
]
}