
OpenSSL CVE-2026-9265

EUVD: EUVD-2026-38103 · CRITICAL
Out-of-bounds Read (CWE-125)
2026-06-20 CPANSec GHSA-597h-8vxx-6jqw
9.1
CVSS 3.1 · Vendor: CPANSec

Severity by source

Vendor (CPANSec) PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Primary rating from Vendor (CPANSec) · only source for this CVE.

CVSS Vector (Vendor: CPANSec)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 20, 2026 - 00:46 cve.org
UNKNOWN (no severity yet)

Description (CVE.org)

Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permit a heap out-of-bounds read in the print_attribute() UTF8STRING path.

print_attribute() copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen() on the result and pass the inflated length to newSVpvn(), copying attacker-influenced adjacent heap bytes into a Perl scalar.
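The defect pattern described above, as an added example that is not the module's own code: a hypothetical reconstruction of the unterminated-copy bug next to a hardened copy that carries the length explicitly. The "heap" is a constructed stack arena in which unrelated bytes (the constructed NEIGHBOUR string) sit directly after the declared length, standing in for adjacent heap allocations; the attribute value ATTR_VALUE is likewise constructed. Function names are illustrative and do not appear in Crypt::OpenSSL::PKCS12.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed ASN.1 UTF8STRING value: declared length 5, no terminator
   in the encoding (ASN.1 string values are length-delimited, not NUL-terminated). */
static const unsigned char ATTR_VALUE[] = { 'a', 'l', 'i', 'c', 'e' };
#define ATTR_LEN ((size_t)sizeof ATTR_VALUE)

/* Constructed stand-in for whatever happens to live next to the buffer on the heap. */
static const char NEIGHBOUR[] = "secret-adjacent-data";
#define ARENA_SIZE 64

/* Vulnerable pattern (hypothetical reconstruction, not the module's code):
   the destination is sized exactly to the declared length, strncpy copies
   that many bytes, no NUL is written, and a later caller trusts strlen() to
   recover the length. Returns the length such a caller would observe. */
size_t measure_unterminated_copy(void)
{
    char arena[ARENA_SIZE];
    memset(arena, 0, sizeof arena);

    /* "adjacent heap": non-zero bytes immediately after the declared length */
    memcpy(arena + ATTR_LEN, NEIGHBOUR, sizeof NEIGHBOUR); /* copies its NUL too */

    /* the bug: exactly declared-length bytes, no terminator appended */
    strncpy(arena, (const char *)ATTR_VALUE, ATTR_LEN);

    /* strlen() walks past the declared length into the neighbour's bytes */
    return strlen(arena);
}

/* Hardened pattern: allocate one extra byte, always NUL-terminate, and hand
   the declared length back to the caller so it never has to run strlen()
   (the way an explicit-length consumer such as newSVpvn() can be fed). */
char *copy_attr_terminated(const unsigned char *value, size_t len, size_t *out_len)
{
    char *buf = malloc(len + 1);
    if (buf == NULL)
        return NULL;
    memcpy(buf, value, len);
    buf[len] = '\0';
    if (out_len != NULL)
        *out_len = len;
    return buf;
}

/* Returns the declared length when strlen() agrees with it, (size_t)-1 otherwise. */
size_t measure_terminated_copy(void)
{
    size_t declared = 0;
    char *buf = copy_attr_terminated(ATTR_VALUE, ATTR_LEN, &declared);
    if (buf == NULL)
        return 0;
    size_t seen = strlen(buf);
    free(buf);
    return seen == declared ? declared : (size_t)-1;
}

int main(void)
{
    printf("declared length      : %zu\n", ATTR_LEN);
    printf("unterminated + strlen: %zu (over-read)\n", measure_unterminated_copy());
    printf("terminated   + strlen: %zu\n", measure_terminated_copy());
    return 0;
}
```

The second variant fixes both halves of the bug: the terminator stops strlen() at the declared length, and returning the length explicitly removes the need for strlen() at all. The latter matters beyond this CVE, since a UTF8STRING may legitimately contain a 0x00 byte, in which case a strlen()-derived length under-reads rather than over-reads; consumers of ASN.1 string values should always carry the decoded length alongside the pointer.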



Vendor Status

Debian

Bug #1140426
libcrypt-openssl-pkcs12-perl
Release      Status      Fixed Version  Urgency
bullseye     vulnerable  1.3-1          -
trixie       vulnerable  1.94-1         -
forky, sid   vulnerable  1.95-1         -
(unstable)   fixed       (unfixed)      -


CVE-2026-9265 vulnerability details – vuln.today
