What is the CVSS score of CVE-2026-8507?

CVE-2026-8507 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Crypt::OpenSSL::PKCS12 are affected by CVE-2026-8507?

The Crypt::OpenSSL::PKCS12 Perl module (versions ≤1.94) contains a critical heap memory corruption vulnerability that could enable remote code execution when processing specially crafted PKCS12…

Crypt::OpenSSL::PKCS12 CVE-2026-8507

EUVD-2026-30708 CRITICAL

Out-of-bounds Write (CWE-787)

2026-05-17 9b29abf9-4ab0-4765-b253-1875cd9b441e

GHSA-3qmj-qw66-fwx8

RCE Buffer Overflow Memory Corruption OpenSSL

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Source Code Evidence Fetched

May 18, 2026 - 13:22 vuln.today

Analysis Generated

May 18, 2026 - 13:22 vuln.today

CVSS changed

May 18, 2026 - 13:22 NVD

9.8 (CRITICAL)

CVE Published

May 17, 2026 - 19:16 nvd

UNKNOWN (no severity yet)

DescriptionNVD

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out of bound (OOB) write flaws.

When parsing a PKCS12 file, with a >= 1 GiB OCTET STRING (or BIT STRING) attribute on a SAFEBAG, via info() or info_as_hash(), a heap-OOB-WRITE would be triggered which could have Remote Code Execution (RCE) potential.

AnalysisAI

Heap out-of-bounds write in the Crypt::OpenSSL::PKCS12 Perl module (versions up to and including 1.94) allows attackers who can supply a malicious PKCS12 file processed via info() or info_as_hash() to corrupt heap memory and potentially achieve remote code execution. The flaw stems from an integer overflow when an OCTET STRING or BIT STRING attribute on a SAFEBAG is >= 1 GiB in size, causing an undersized allocation followed by an OOB write. …

RemediationAI

Within 24 hours: Inventory all systems using Crypt::OpenSSL::PKCS12 versions ≤1.94 and identify if untrusted PKCS12 files are processed. Within 7 days: Implement input validation to reject PKCS12 files >1 GiB, restrict processing to trusted sources, and monitor for patch availability. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-8507 vulnerability details – vuln.today

Back

Crypt::OpenSSL::PKCS12 CVE-2026-8507

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code