Skip to main content

OpenSSL EUVD-2026-35475

| CVE-2026-9076 HIGH
Out-of-bounds Read (CWE-125)
2026-06-09 GHSA-q98x-73c3-57gj
OpenSSL Information Disclosure Buffer Overflow
High
Disputed · 7.5 Vendor
Share

Severity by source

Sources disagree (Low–High)
Vendor (CNA) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
SUSE
3.7 MEDIUM
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Red Hat
5.9 LOW
qualitative

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS VectorVendor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Source Code Evidence Fetched
Jun 09, 2026 - 20:24 vuln.today
Analysis Generated
Jun 09, 2026 - 20:24 vuln.today
CVSS changed
Jun 09, 2026 - 20:22 NVD
7.5 (HIGH)
CVE Published
Jun 09, 2026 - 11:43 nvd
HIGH 7.5
CVE Published
Jun 09, 2026 - 11:43 nvd
UNKNOWN (no severity yet)

Description PRE-NVD

Disclosed via GitHub release of openssl/openssl. NVD scoring and full description are pending.

Articles & Coverage 1

News 7 New OpenSSL Vulnerabilities - 1 Critical, 6 High Severity Jun 10, 2026

AnalysisAI

Out-of-bounds read in OpenSSL's CMS password-based decryption code (CVE-2026-9076) allows remote attackers to cause denial of service against applications that decrypt attacker-supplied CMS messages. The flaw is fixed in OpenSSL 4.0.1 alongside a batch of other cryptographic vulnerabilities, with no public exploit identified at time of analysis and no CISA KEV listing. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify service decrypting CMS input
Delivery
Craft malformed PWRI CMS payload
Exploit
Submit message to target endpoint
Execution
Trigger out-of-bounds read in CMS parser
Persist
Crash OpenSSL-linked process
Impact
Sustained denial of service
Sign in to reveal

Vulnerability AssessmentAI

Exploitation The target application must call OpenSSL's CMS password-based decryption path (e.g., CMS_decrypt() handling a PasswordRecipientInfo) on attacker-controllable input, and must be linked against a vulnerable OpenSSL branch (1.0.2 < 1.0.2zq, 1.1.1 < 1.1.1zh, 3.0 < 3.0.21, 3.4 < 3.4.6, 3.5 < 3.5.7, 3.6 < 3.6.3, or 4.0.0). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 7.5 score (AV:N/AC:L/PR:N/UI:N/C:N/I:N/A:H) reflects a pure availability impact reachable over the network without authentication or user interaction - consistent with a parser bug an attacker triggers by submitting a crafted CMS blob to any service that decrypts user-supplied messages. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker submits a maliciously crafted CMS EnvelopedData message with a malformed PasswordRecipientInfo structure to any application that invokes OpenSSL's CMS password-based decryption - for example, a mail gateway, secure-message processor, or signing/encryption microservice. OpenSSL reads beyond the intended buffer during PWRI parsing, crashing the process and producing a denial of service; with no public PoC identified at time of analysis, exploitation requires the attacker to develop their own malformed CMS payload from the patch commits referenced in the advisory.
Remediation Vendor-released patches are available: upgrade to OpenSSL 4.0.1, 3.6.3, 3.5.7, 3.4.6, 3.0.21, 1.1.1zh, or 1.0.2zq depending on the branch you run, per the OpenSSL advisory at https://openssl-library.org/news/secadv/20260609.txt and the release notes at https://github.com/openssl/openssl/releases/tag/openssl-4.0.1. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

24 hours: Identify systems running affected OpenSSL versions (1.0.2, 1.1.1, 3.0, 3.4, 3.5, 3.6, 4.0.0) and applications handling CMS-encrypted data. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-49440 HIGH
7.4 Jun 16

Cryptographic primality validation in Deno's Node.js compatibility layer (versions <= 2.8.0) silently skips Miller-Rabin
CVE-2026-48491 HIGH
Jun 16

mTLS bypass in Traefik 3.7.0-3.7.1 lets unauthenticated remote clients reach backends protected by wildcard-router TLSOp
CVE-2026-53622 HIGH
Jun 16

Authentication bypass in Traefik v3.6.17, v3.7.0, and v3.7.1 allows unauthenticated remote attackers to bypass router-sp

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS Affected
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS Affected
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS Affected
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS Affected
SUSE Linux Enterprise Micro 5.3 Affected

Share

EUVD-2026-35475 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy