Skip to main content

CWE-514

Covert Channel

1 CVEs Avg CVSS 3.7 MITRE
0
CRITICAL
0
HIGH
0
MEDIUM
1
LOW
0
POC
0
KEV

Monthly

CVE-2026-42768 LOW PATCH Monitor

Bleichenbacher oracle in OpenSSL's CMS_decrypt() and PKCS7_decrypt() functions exposes RSA-encrypted message content to unauthenticated remote attackers who can submit adaptive chosen-ciphertext queries against multi-RecipientInfo CMS/PKCS7 structures. Four active OpenSSL branches are affected (3.4.x, 3.5.x, 3.6.x, and 4.0.x), with patches released under the coordinated OpenSSL security advisory on 2026-06-09. No public exploit code and no active exploitation have been identified at time of analysis; SSVC rates this non-automatable with partial technical impact, consistent with the attack's high operational complexity.

OpenSSL Information Disclosure
NVD GitHub VulDB
CVSS 3.1
3.7
EPSS
0.0%
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Bleichenbacher oracle in OpenSSL's CMS_decrypt() and PKCS7_decrypt() functions exposes RSA-encrypted message content to unauthenticated remote attackers who can submit adaptive chosen-ciphertext queries against multi-RecipientInfo CMS/PKCS7 structures. Four active OpenSSL branches are affected (3.4.x, 3.5.x, 3.6.x, and 4.0.x), with patches released under the coordinated OpenSSL security advisory on 2026-06-09. No public exploit code and no active exploitation have been identified at time of analysis; SSVC rates this non-automatable with partial technical impact, consistent with the attack's high operational complexity.

OpenSSL Information Disclosure
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy