By vendor

Openssl vulnerabilities

Known CVEs affecting Openssl products, prioritized by severity, with SEC.co remediation and detection guidance.

12 published vulnerabilities

  • CVE-2026-34180HIGH 7.5

    OpenSSL contains a flaw in how it processes certain encoded certificate and data structures (ASN.1 format) that can cause applications to crash or read memory they shouldn't access. The vulnerability is triggered when an attacker crafts a specially formatted file with an unusually large size declaration—over 2 gigabytes—which confuses OpenSSL's decoder into reading beyond safe memory boundaries. This primarily affects server applications and services running on 64-bit Unix systems that directly process untrusted certificate or cryptographic data.

  • CVE-2026-34183HIGH 7.5

    A vulnerability in OpenSSL's QUIC implementation allows a remote attacker to exhaust server or client memory by repeatedly sending specially crafted network packets called PATH_CHALLENGE frames. The QUIC stack responds to each one by allocating memory for a PATH_RESPONSE frame, but if the attacker never acknowledges these responses, the memory is never freed. An attacker can repeat this process until the application runs out of memory and crashes, causing a denial of service. This affects both QUIC clients and servers running vulnerable OpenSSL versions.

  • CVE-2026-42764HIGH 7.5

    OpenSSL's QUIC server implementation contains a flaw that can crash the server when it receives specially crafted initial connection packets. This only affects servers that have explicitly disabled address validation—a non-default setting. An unauthenticated attacker on the network can exploit this by sending a QUIC initial packet with an invalid token, causing the server process to terminate abruptly and become unavailable. The vulnerability does not lead to data theft or unauthorized access, only service disruption.

  • CVE-2026-42765HIGH 7.5

    CVE-2026-42765 is a denial-of-service vulnerability in OpenSSL that crashes applications when two specific certificate verification features are enabled simultaneously. The flaw occurs when OCSP response checking for the entire certificate chain is combined with partial-chain verification, and the chain lacks a self-signed trusted root certificate. Under these conditions, the code attempts to dereference a NULL pointer, causing the application to crash. Since both features are disabled by default in OpenSSL, real-world risk is limited to applications that explicitly enable both flags.

  • CVE-2026-34181HIGH 7.4

    OpenSSL's PKCS#12 file parser has a validation flaw that allows attackers to forge certificates and private keys. When a service uses PKCS#12 files with password-based authentication (specifically the PBMAC1 integrity mechanism), an attacker can craft a specially designed file that bypasses validation checks with a 1-in-256 success rate. This means an attacker could inject malicious certificates and keys into systems that process these files, potentially enabling account impersonation and unauthorized access.

  • CVE-2026-42771MEDIUM 6.2

    CVE-2026-42771 is a vulnerability in OpenSSL's email address validation logic that can cause an application to crash when processing crafted email addresses. The flaw lies in how OpenSSL validates the local part (the part before the '@' symbol) of email addresses, particularly during S/MIME message validation. An attacker who can supply a malicious email address in an S/MIME message can trigger an out-of-bounds read that most likely results in a denial of service. The vulnerability does not allow data theft or system compromise beyond availability impact.

  • CVE-2026-42766MEDIUM 5.9

    A flaw in OpenSSL's CMS (Cryptographic Message Syntax) password decryption logic allows an attacker to crash applications by sending specially crafted encrypted messages. The vulnerability stems from the code not properly checking whether an optional field exists before using it, resulting in a null pointer crash and service disruption.

  • CVE-2026-42767MEDIUM 5.9

    An OpenSSL vulnerability allows an attacker controlling or intercepting CMP (Certificate Management Protocol) traffic to crash client applications by sending a specially crafted certificate response. The attack exploits a code defect where OpenSSL fails to properly validate a specific field in the response, causing the application to crash and become unavailable. This is a denial-of-service issue, not a data breach or unauthorized access risk.

  • CVE-2026-42769MEDIUM 5.3

    A defect in OpenSSL's Certificate Management Protocol (CMP) implementation allows an attacker with valid Registration Authority credentials to trick CMP clients into accepting a forged root CA certificate as legitimate. The flaw stems from a typo in certificate chain validation code that disabled critical signature verification checks during root CA key rollover operations. While the vulnerability requires the attacker to already possess RA-level credentials, successful exploitation would grant them root CA authority over affected clients—a significant privilege escalation. The FIPS module implementation of OpenSSL is not affected.

  • CVE-2026-35188MEDIUM 5.0

    A flaw in OpenSSL's handling of TLS OCSP stapling—an optimization that allows servers to provide certificate validity proof directly—can cause a double-free memory error in connecting clients. When a malicious server sends a specially crafted OCSP response, it triggers corruption of the client's heap memory. While OCSP stapling is disabled by default, organizations that have explicitly enabled it face exposure. The vulnerability reliably causes denial of service; remote code execution is theoretically possible but difficult to reliably achieve in practice.

  • CVE-2026-42768LOW 3.7

    OpenSSL's CMS and S/MIME decryption functions contain a flaw that allows attackers to exploit error messages or decryption output to gradually recover encrypted data or forge signatures. The vulnerability exists in two forms: when no recipient certificate is provided, an attacker can craft a message with multiple encryption layers to probe for valid padding patterns; when a certificate is provided but doesn't match, OpenSSL substitutes a random key, which an attacker can use to compare results and refine attacks. The practical risk is low because exploiting it requires the victim's application to expose detailed error codes or decryption results to an untrusted attacker, a scenario OpenSSL's developers consider very unlikely in real-world deployments.

  • CVE-2026-42770LOW 3.7

    A weakness in OpenSSL's handling of X9.42 Diffie-Hellman key exchanges allows a malicious peer to forge domain parameters in a way that bypasses security validation. Specifically, when checking that a peer's public key belongs to the correct mathematical subgroup, OpenSSL uses the peer's own parameters instead of verifying against the local key's parameters. An attacker can exploit this to gradually recover fragments of a victim's private key through repeated key exchange attempts, ultimately reconstructing the entire key via mathematical combination. However, the practical risk is limited to specific scenarios: principally Certificate Management Protocol (CMP) deployments where a Certification Authority or Registration Authority maintains long-lived X9.42 DHX keys, and custom enterprise or government applications using static DHX keys in interactive protocols.