PT-2026-2795 · Unknown · Opencryptoki

Pavelkohout396 · Published 2026-01-13 · Updated 2026-02-13 · CVE-2026-22791

CVSS v3.1: 6.6 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

Name of the Vulnerable Software and Affected Versions

openCryptoki versions 3.25.0 and 3.26.0

Description

openCryptoki is a PKCS#11 library and tools for Linux and AIX. A heap buffer overflow exists in the CKM_ECDH_AES_KEY_WRAP implementation. An attacker with local access can cause out-of-bounds writes in the host process by providing a compressed EC public key and calling C_WrapKey. This can result in heap corruption or a denial-of-service condition.

Recommendations

Update to a version of openCryptoki newer than 3.26.0.

Related Identifiers

CVE-2026-22791
GHSA-26F5-3MWQ-4WM7
OESA-2026-1257
OESA-2026-1258
OESA-2026-1320
OESA-2026-1321
OPENSUSE-SU-2026:10048-1
OPENSUSE-SU-2026:20233-1
SUSE-SU-2026:0291-1
SUSE-SU-2026:20345-1
SUSE-SU-2026:20434-1

Affected Products

Opencryptoki