By weakness (CWE)
CWE-354: related vulnerabilities
CVEs classified under CWE-354. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
1 published vulnerability
- CVE-2026-34181HIGH 7.4
OpenSSL's PKCS#12 file parser has a validation flaw that allows attackers to forge certificates and private keys. When a service uses PKCS#12 files with password-based authentication (specifically the PBMAC1 integrity mechanism), an attacker can craft a specially designed file that bypasses validation checks with a 1-in-256 success rate. This means an attacker could inject malicious certificates and keys into systems that process these files, potentially enabling account impersonation and unauthorized access.