
OpenSSL CVE-2026-42766

EUVD-2026-35483 | MEDIUM
NULL Pointer Dereference (CWE-476)
CVSS 3.1 (Vendor): 5.9

Severity by source

Source         Score  Rating   Vector / basis
Vendor (CNA)   5.9    MEDIUM   AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H  (primary)
SUSE           5.7    MEDIUM   AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Red Hat        5.3    LOW      qualitative rating

Primary rating from Vendor (CNA). Note that the CNA and SUSE vectors disagree on how the vulnerable path is reached: the CNA rates it as unauthenticated with no user interaction but high attack complexity, while SUSE rates it low complexity but requiring low privileges and user interaction. All three sources agree the impact is availability only.

CVSS vector (Vendor)

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector         Network
Attack Complexity     High
Privileges Required   None
User Interaction      None
Scope                 Unchanged
Confidentiality       None
Integrity             None
Availability          High

Lifecycle timeline (5 events, newest first)

Jun 09, 2026 21:37  vuln.today  Source code evidence fetched
Jun 09, 2026 21:37  vuln.today  Analysis generated
Jun 09, 2026 21:22  NVD         CVSS changed: 5.9 (MEDIUM)
Jun 09, 2026 11:43  NVD         CVE published: MEDIUM 5.9
Jun 09, 2026 11:43  NVD         CVE published: UNKNOWN (no severity yet)

Description (pre-NVD)

Disclosed via a GitHub release of openssl/openssl. NVD scoring and the full description are pending.

Analysis (AI-generated)

A null pointer dereference in OpenSSL's password-based CMS decryption path enables remote denial of service against applications that process CMS EnvelopedData with password-based key derivation. The flaw affects OpenSSL branches from 1.0.2 through 4.0.0, so the exposure spans both the long-term support and the current releases. …


Attack chain (AI-derived)

Hypothetical attack flow derived from CVE metadata; this page references no public proof of concept.

Access:     identify a CMS password-based decryption endpoint
Delivery:   craft a malformed PBES2 EnvelopedData message
Exploit:    deliver the payload over the network
Execution:  trigger the null pointer dereference in the decryption path
Persist:    OpenSSL process crash (nothing actually persists; the stage label is the template's)
Impact:     denial of service

Vulnerability assessment (AI-generated)

Exploitation. Exploitation requires that the target application actively invokes OpenSSL's password-based CMS decryption functionality, specifically processing CMS EnvelopedData structures using password-derived keys rather than asymmetric RSA/ECDH keys. Applications that only decrypt CMS messages addressed to key-transport or key-agreement recipients do not reach the vulnerable path. …

Risk assessment. The CVSS 5.9 Medium score is consistent with a network-reachable DoS with high attack complexity (AC:H): exploitation is not trivial and likely requires precise message crafting or non-default conditions to reach the vulnerable code path. …

Exploit scenario. An attacker sends a specially crafted CMS EnvelopedData message that uses password-based encryption (PBES2/PBKDF2) to a network-exposed service that invokes OpenSSL's CMS decryption API, such as an S/MIME processing gateway or a custom PKI enrollment service. The malformed message triggers a null pointer dereference in the decryption code path, crashing the application that embeds OpenSSL. …

Remediation. Upgrade to a patched OpenSSL release: 4.0.1 for the 4.0.x branch, 3.6.3 for 3.6.x, 3.5.7 for 3.5.x, 3.4.6 for 3.4.x, 3.0.21 for the 3.0.x LTS branch, 1.1.1zh for extended-support 1.1.1 users, and 1.0.2zq for extended-support 1.0.2 users. Distribution packages (see the SUSE status below) typically backport the fix without changing the upstream version string, so check the vendor advisory rather than the version number alone. Until the upgrade lands, exposure is limited to code that decrypts CMS EnvelopedData with password recipients. …
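As a triage aid for the exploitation conditions and remediation above, the following is an added Python example; it is not code from this page, from vuln.today or from the OpenSSL project. It compares an `openssl version` banner against the fixed releases listed in the Remediation paragraph and scans source or script lines for the password-recipient CMS entry points. The fixed-version table comes from this page. The identifiers `CMS_decrypt_set1_password`, `CMS_add0_recipient_password` and `-pwri_password` are assumptions taken from OpenSSL's documented CMS API and `openssl cms` CLI, not from this page, which names no functions. The banner and source lines are constructed sample input.

```python
"""Triage helper for CVE-2026-42766 (added example, not the page's or OpenSSL's code).

Two checks before acting on the advisory:
  1. Is the linked OpenSSL older than the fixed release for its branch?
  2. Does the application reach the password-based CMS decryption path
     (CMS EnvelopedData with a password recipient) at all?
"""
import re

# Fixed releases exactly as listed in the Remediation paragraph of this page.
# Branches the page does not list (for example 3.1, 3.2, 3.3) are reported
# as "unknown" rather than guessed.
FIXED_BY_BRANCH = {
    "4.0": "4.0.1",
    "3.6": "3.6.3",
    "3.5": "3.5.7",
    "3.4": "3.4.6",
    "3.0": "3.0.21",
    "1.1.1": "1.1.1zh",
    "1.0.2": "1.0.2zq",
}

# Assumption: entry points for the password-recipient (PWRI) CMS path. These
# names come from OpenSSL's documented CMS API and CLI, not from this page.
PASSWORD_CMS_MARKERS = (
    "CMS_decrypt_set1_password",
    "CMS_add0_recipient_password",
    "-pwri_password",
)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(text):
    """(major, minor, patch, letters) from '3.0.13', '1.1.1w', or an
    `openssl version` banner such as 'OpenSSL 3.0.13 30 Jan 2024 (...)'.
    1.x releases carry a letter suffix (1.1.1w, 1.0.2zq); 3.x and later do not."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no OpenSSL version in {text!r}")
    major, minor, patch, letters = m.groups()
    return int(major), int(minor), int(patch), letters


def sort_key(v):
    """Orderable key. Letter suffixes sort by length first, so that
    '' < 'a' < ... < 'z' < 'za' < 'zb' ..., matching OpenSSL's 1.x numbering."""
    major, minor, patch, letters = v
    return (major, minor, patch, len(letters), letters)


def branch_of(v):
    """1.x branches are named by three components (1.0.2, 1.1.1);
    3.x and later by major.minor (3.0, 3.4, 4.0)."""
    major, minor, patch, _ = v
    return f"{major}.{minor}.{patch}" if major < 3 else f"{major}.{minor}"


def version_status(text):
    """Return ('fixed' | 'affected' | 'unknown', fixed_release_or_None)."""
    v = parse_version(text)
    fixed = FIXED_BY_BRANCH.get(branch_of(v))
    if fixed is None:
        return "unknown", None
    ok = sort_key(v) >= sort_key(parse_version(fixed))
    return ("fixed" if ok else "affected"), fixed


def password_cms_callsites(lines):
    """(1-based line number, marker) for every line that reaches the
    password-based CMS path. No hit means only the RSA/ECDH recipient
    paths are used and this bug does not apply to that code."""
    return [(n, marker) for n, line in enumerate(lines, 1)
            for marker in PASSWORD_CMS_MARKERS if marker in line]


def triage(version_banner, source_lines):
    status, fixed = version_status(version_banner)
    sites = password_cms_callsites(source_lines)
    return {
        "status": status,
        "fixed_release": fixed,
        "password_cms_callsites": sites,
        # "unknown" still needs attention, so anything but "fixed" counts.
        "action_needed": status != "fixed" and bool(sites),
    }


# Constructed sample input (not a real system or code base).
SAMPLE_BANNER = "OpenSSL 3.0.13 30 Jan 2024 (Library: OpenSSL 3.0.13 30 Jan 2024)"
SAMPLE_SOURCE = [
    "/* constructed snippet, not project code */",
    "cms = d2i_CMS_bio(in, NULL);",
    "if (!CMS_decrypt_set1_password(cms, pass, -1)) goto err;",
    "if (!CMS_decrypt(cms, NULL, NULL, NULL, out, 0)) goto err;",
    '# openssl cms -decrypt -pwri_password "$PW" -in msg.p7m',
]

if __name__ == "__main__":
    print(triage(SAMPLE_BANNER, SAMPLE_SOURCE))
```

A "fixed" result from the version string alone is trustworthy only for builds made from upstream source; distribution packages backport fixes without bumping the version (the SUSE status below is the authoritative signal for those systems). A branch the page lists no fix for is reported as "unknown" rather than silently treated as safe.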


Vendor status

SUSE (severity: Medium)

Product                                                       Status
SUSE Linux Enterprise Module for Basesystem 15 SP7            Affected
SUSE Linux Enterprise Server 15 SP7                           Affected
SUSE Linux Enterprise Desktop 15 SP7                          Affected
SUSE Linux Enterprise Server for SAP Applications 15 SP7      Affected
SUSE Linux Enterprise High Performance Computing 15 SP7       Affected
