Skip to main content

OpenSSL EUVD-2026-35481

| CVE-2026-42764 HIGH
NULL Pointer Dereference (CWE-476)
2026-06-09 GHSA-5pg7-f6xv-j6m4
Denial Of Service Null Pointer Dereference OpenSSL Red Hat
7.5
CVSS 3.1 · Vendor
Share

Severity by source

Vendor (CNA) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
SUSE
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Red Hat
5.9 MEDIUM
qualitative

Primary rating from Vendor (CNA).

CVSS VectorVendor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Source Code Evidence Fetched
Jun 09, 2026 - 21:26 vuln.today
Analysis Generated
Jun 09, 2026 - 21:26 vuln.today
CVSS changed
Jun 09, 2026 - 21:22 NVD
7.5 (HIGH)
CVE Published
Jun 09, 2026 - 11:43 nvd
HIGH 7.5
CVE Published
Jun 09, 2026 - 11:43 nvd
UNKNOWN (no severity yet)

Description PRE-NVD

Disclosed via GitHub release of openssl/openssl. NVD scoring and full description are pending.

Articles & Coverage 1

News 7 New OpenSSL Vulnerabilities - 1 Critical, 6 High Severity Jun 10, 2026

AnalysisAI

Denial of service in OpenSSL 3.5.x, 3.6.x, and 4.0.0 stems from a NULL pointer dereference triggered during QUIC server initial packet handling, allowing remote unauthenticated attackers to crash affected servers by sending crafted QUIC traffic. The flaw was disclosed via the OpenSSL 4.0.1 security release on 2026-06-09 alongside multiple other CVEs; no public exploit identified at time of analysis and no CISA KEV listing. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify QUIC/HTTP3 endpoint on UDP/443
Delivery
Craft malformed QUIC Initial packet
Exploit
Send packet to server
Execution
Trigger NULL pointer dereference in OpenSSL
Persist
Crash worker process
Impact
Repeat to sustain denial of service
Sign in to reveal

Vulnerability AssessmentAI

Exploitation The target server must be built against OpenSSL 3.5.0-3.5.6, 3.6.0-3.6.2, or 4.0.0 AND must have the OpenSSL QUIC server functionality enabled and reachable - meaning a process is bound to a UDP port (typically 443) and accepts inbound QUIC Initial packets. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) scores 7.5 and accurately reflects a pure availability impact: remote, unauthenticated, low-complexity, no user interaction, with no confidentiality or integrity loss. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker on the internet sends a single crafted QUIC Initial packet to UDP/443 of a server running a vulnerable OpenSSL QUIC stack (for example, an HTTP/3-enabled reverse proxy or custom QUIC application), triggering the NULL pointer dereference and crashing the worker process or the entire server. Repeated packets, which can be source-spoofed because QUIC Initial processing happens before address validation completes, cause sustained outage of the QUIC endpoint. …
Remediation Vendor-released patches are available: upgrade to OpenSSL 3.5.7, 3.6.3, or 4.0.1 (or later) per the upstream advisory at https://openssl-library.org/news/secadv/20260609.txt and the release notes at https://github.com/openssl/openssl/releases/tag/openssl-4.0.1; the fix commits are tracked in the openssl/security repository (5e3ed29, a45a0ab, bf29a45). … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Identify all systems running OpenSSL 3.5.x, 3.6.x, or 4.0.0 and document QUIC implementation status. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-49440 HIGH
7.4 Jun 16

Cryptographic primality validation in Deno's Node.js compatibility layer (versions <= 2.8.0) silently skips Miller-Rabin
CVE-2026-48491 HIGH
Jun 16

mTLS bypass in Traefik 3.7.0-3.7.1 lets unauthenticated remote clients reach backends protected by wildcard-router TLSOp
CVE-2026-53622 HIGH
Jun 16

Authentication bypass in Traefik v3.6.17, v3.7.0, and v3.7.1 allows unauthenticated remote attackers to bypass router-sp

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SLES15-SP5-CHOST-BYOS-SAP-CCloud Fixed
SLES15-SP5-CHOST-BYOS-SAP-CCloud Fixed
SLES15-SP6-CHOST-BYOS Fixed
SLES15-SP6-CHOST-BYOS Fixed
SLES15-SP6-CHOST-BYOS-Aliyun Fixed

Share

EUVD-2026-35481 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy