Skip to main content

OpenSSL CVE-2026-42767

| EUVD-2026-35484 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-06-09 GHSA-gxhg-7jx8-m22j
Denial Of Service Null Pointer Dereference OpenSSL Red Hat
5.9
CVSS 3.1 · Vendor
Share

Severity by source

Vendor (CNA) PRIMARY
5.9 MEDIUM
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
SUSE
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Red Hat
5.3 LOW
qualitative

Primary rating from Vendor (CNA).

CVSS VectorVendor

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Source Code Evidence Fetched
Jun 09, 2026 - 21:37 vuln.today
Analysis Generated
Jun 09, 2026 - 21:37 vuln.today
CVSS changed
Jun 09, 2026 - 21:22 NVD
5.9 (MEDIUM)
CVE Published
Jun 09, 2026 - 11:43 nvd
MEDIUM 5.9
CVE Published
Jun 09, 2026 - 11:43 nvd
UNKNOWN (no severity yet)

Description PRE-NVD

Disclosed via GitHub release of openssl/openssl. NVD scoring and full description are pending.

AnalysisAI

NULL pointer dereference in OpenSSL's CRMF EncryptedValue decryption path crashes the affected process, creating a remotely triggerable denial-of-service condition across five actively maintained OpenSSL branches (3.0.x, 3.4.x, 3.5.x, 3.6.x, and 4.0.x). The CVSS vector (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H, score 5.9) confirms network reachability with no authentication required, but high attack complexity limits trivial mass exploitation. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify CRMF/CMP-processing endpoint
Delivery
Craft malformed CRMF EncryptedValue structure
Exploit
Send crafted certificate management request
Execution
Trigger NULL pointer dereference in decryption handler
Persist
OpenSSL process crashes
Impact
PKI service denial-of-service
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Exploitation requires that the target application is actively processing CRMF EncryptedValue decryption - meaning it must be running a service that accepts and processes CRMF or CMP certificate management protocol messages (such as a CA enrollment server, CMP gateway, or registration authority). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 5.9 score reflects a meaningful but bounded threat. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who can reach a network service that uses OpenSSL to process CRMF certificate management messages - such as a CA enrollment endpoint, a CMP-speaking registration authority, or an EST/SCEP server - sends a specially crafted CRMF request containing a malformed or incomplete EncryptedValue structure. OpenSSL's decryption handler dereferences a NULL pointer, causing the serving process to crash and producing a denial-of-service condition for all users of that PKI service. …
Remediation The primary remediation is to upgrade to the patched OpenSSL releases: 3.0.21, 3.4.6, 3.5.7, 3.6.3, or 4.0.1 depending on the branch in use. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-49440 HIGH
7.4 Jun 16

Cryptographic primality validation in Deno's Node.js compatibility layer (versions <= 2.8.0) silently skips Miller-Rabin
CVE-2026-48491 HIGH
Jun 16

mTLS bypass in Traefik 3.7.0-3.7.1 lets unauthenticated remote clients reach backends protected by wildcard-router TLSOp
CVE-2026-53622 HIGH
Jun 16

Authentication bypass in Traefik v3.6.17, v3.7.0, and v3.7.1 allows unauthenticated remote attackers to bypass router-sp

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SLES15-SP5-CHOST-BYOS-SAP-CCloud Fixed
SLES15-SP5-CHOST-BYOS-SAP-CCloud Fixed
SLES15-SP6-CHOST-BYOS Fixed
SLES15-SP6-CHOST-BYOS Fixed
SLES15-SP6-CHOST-BYOS-Aliyun Fixed

Share

CVE-2026-42767 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy