VeraCrypt 1.26.29

Binaries for supported operating systems are also available at Sourceforge.

Changes between 1.26.24 and 1.26.29 (9 June 2026):

  • All OSes:

    • Add Argon2id as an alternative memory-hard KDF for non-system volumes.
    • Use "KDF" terminology in the user interface and documentation instead of "PKCS-5 PRF".
    • Update logo icons with simplified icons without extra label text.
    • Harden XML and TLV parsers against malformed input.
    • Security: Fix GHSA-94c6-mgmv-mqc5: non-default WOLFCRYPT=1 builds now use wolfCrypt PBKDF2 instead of HKDF and honor VeraCrypt's PBKDF2 iteration count.
    • Fix CPU feature detection and crypto implementation edge cases, including AVX2/leaf 7 detection, BLAKE2s/Argon2 no-SSE2 x86 fallback paths, Camellia SSSE3 dispatch, Twofish x64 multiblock tail handling, and Whirlpool alignment.
    • Update documentation, including Argon2id/KDF information and split Windows/Unix command line usage pages.
    • Update translations.
  • Windows:

    • Fix rare BSOD issue affecting the VeraCrypt driver.
    • Fix hibernation crash on fresh Windows 11 25H2 installations.
    • Security: Fix GHSA-jjcr-75w7-58jp: hidden volume quick format no longer uses the file-container allocation shortcut that wrote plaintext zero sectors at 128 MiB intervals, preserving plausible deniability.
      • Reported by vastblast.
      • Regression introduced in 1.26.6.
      • CVE-2026-54073
    • Harden Windows driver input validation and crash dump filter handling. (GH PR #1590)
    • Improve driver I/O handling, including safer request completion, ordered volume flush barriers, and better VERIFY/TRIM validation.
    • Fix PBKDF XSTATE cleanup and add Win64 unwind metadata for AES assembly.
    • Speed up mounting when KDF autodetection is selected.
    • Allow selecting which KDF algorithms are included in the benchmark dialog.
    • Allow canceling long mount operations from the wait dialog and with the new /cancelmount CLI switch, including auto-mount scans.
    • Add support for new Microsoft UEFI CA 2023 signed EFI bootloaders while preserving Microsoft UEFI CA 2011 support.
    • Improve EFI system encryption repair and upgrade handling, including stuck decryption finalization, Post-OOBE repair, loader restoration verification, and clearer missing-loader reporting.
    • Fix EFI DcsProp rewrite handling.
    • Fix ghost drive letter after command line unmount. (GH #337, GH #1426)
    • Fix favorite volume mount race.
    • Validate PIM when changing only the KDF.
    • Fix elevated COM format drive validation and device path normalization. (GH #1670)
    • Fix ReFS formatting during volume creation.
    • Fix MSI traveler disk creation with WHQL-signed drivers, ARM64 MSI build, Start Menu folder upgrades, and discovery of newer SDK MSI tools.
    • Add CLI switch /protectScreen to allow disabling screen protection in portable mode.
    • Add argument to CLI switch /protectMemory to allow disabling memory protection in portable mode.
    • Add setting and CLI switch /enableIME to allow enabling Input Method Editor (IME) in Secure Desktop.
    • Use tab control for VeraCrypt preferences to reduce clutter and size of the dialog.
    • Provide VeraCrypt C/C++ SDK for creating volumes.
    • Update LZMA SDK to version 26.01.
  • Linux:

    • Update Ubuntu 25.04 dependency to require libwxgtk3.2-1t64.
    • Add support for building against FUSE3.
    • Add in-kernel NTFS driver selection for NTFS mounts, including --filesystem=kernel-ntfs and -m kernelntfs.
      • --filesystem=ntfs3 now pins the kernel ntfs3 driver and bypasses mount helpers such as mount.ntfs3.
    • Fix AppImage portability and language loading, bundle a matching FUSE library, and allow AppImage file name to start with "veracrypt" in any case.
    • Suppress redundant "already running" dialog and store the GUI instance lock under XDG paths.
    • Add emergency cleanup for stale unmounts.
    • Parallelize header KDF autodetection.
    • Honor nokernelcrypto during external formatting.
    • On WSL, open mounted volumes using Windows Explorer.
    • Add support for reproducible Linux builds, including SOURCE_DATE_EPOCH handling, DEB/RPM packages, and Arch package builds.
    • Add OpenWrt package build and QEMU test scripts.
    • Fix CMake 4 compatibility, CentOS 6 GCC 4.4 builds, and wxWidgets-related build issues.
  • Linux and macOS:

    • Fix initial width of columns in main UI.
    • Enable Quick Format for normal file containers. The container is sized with ftruncate(), so the host filesystem may keep regions unwritten or sparse until data is written to them.
    • Fix hidden volume size estimation for exFAT outer volumes.
    • Fix hidden volume FAT size limit handling.
    • Fix erroneous 2 TiB limit for hidden file containers in GUI wizard.
    • Show volume creation finalization stages.
    • Collect mouse entropy from nested controls in the volume creation wizard.
    • Fix remaining wxWidgets sizer flags.
  • macOS:

    • Use SMB backend for FUSE-T auxiliary mounts and improve FUSE-T SMB metadata handling and mount stability.
    • Recover mounted volume mount points.
    • Validate format wizard device targets and block partitioned whole-disk alias bypasses.
    • Run APFS formatter elevated when needed and prepare APFS formatter device aliases.
    • Force fresh exFAT layout when formatting volumes.
    • Fix Command-A in password fields.
    • Link against wxWidgets 3.2.10 and allow overriding the deployment target.
  • BSD:

    • FreeBSD: link static wxWidgets builds with iconv.
    • OpenBSD: fix device-hosted volume sizing, honor doas user for mount ownership and FUSE access, and fix CLI build and PCSC exit handling.
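
The "Enable Quick Format for normal file containers" entry under Linux and macOS notes that a container sized with ftruncate() may stay sparse on the host filesystem. The following is an added example, not VeraCrypt code: it sizes a file the same way, then uses SEEK_DATA/SEEK_HOLE to list which regions the filesystem reports as written. The file name, sizes and helper names are constructed for illustration.

```python
import os
import tempfile

def create_quick_container(path, size):
    """Size a file with ftruncate() only; no data blocks are written."""
    fd = os.open(path, os.O_RDWR | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        os.ftruncate(fd, size)
    finally:
        os.close(fd)

def data_extents(path):
    """Return [(offset, length)] for regions the filesystem reports as data."""
    extents = []
    fd = os.open(path, os.O_RDONLY)
    try:
        size = os.fstat(fd).st_size
        pos = 0
        while pos < size:
            try:
                start = os.lseek(fd, pos, os.SEEK_DATA)
            except OSError:  # ENXIO: only a hole remains after pos
                break
            end = os.lseek(fd, start, os.SEEK_HOLE)
            extents.append((start, end - start))
            pos = end
    finally:
        os.close(fd)
    return extents

def report(path):
    """Apparent size, allocated bytes (st_blocks is in 512-byte units), data extents."""
    st = os.stat(path)
    return {"apparent": st.st_size, "allocated": st.st_blocks * 512,
            "extents": data_extents(path)}

def demo(size=64 * 1024 * 1024, write_at=32 * 1024 * 1024):
    """Constructed sample: sparse 64 MiB file, then one 4 KiB write in the middle."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "container.hc")  # hypothetical file name
        create_quick_container(path, size)
        before = report(path)
        with open(path, "r+b") as f:
            f.seek(write_at)
            f.write(os.urandom(4096))
            f.flush()
            os.fsync(f.fileno())
        return before, report(path)

if __name__ == "__main__":
    for label, r in zip(("after ftruncate", "after one write"), demo()):
        print(label, r)
```

On a filesystem that does not report holes, the whole file appears as a single data extent and the allocated size matches the apparent size.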

Full Changelog: VeraCrypt_1.26.24...VeraCrypt_1.26.29