PT-2026-29186 · Openssl+1 · Openssl+1

Xavier Danest

·

Published

2026-03-31

·

Updated

2026-04-15

·

CVE-2026-34054

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions vcpkg versions prior to 3.6.1#3
Description vcpkg, a C/C++ package manager, exhibited a configuration issue in its Windows builds of OpenSSL. Specifically, the openssldir setting was configured to a path on the build machine. This configuration could potentially allow for attacks on customer machines. The issue was addressed with version 3.6.1#3.
Recommendations Update to vcpkg version 3.6.1#3 or later.

Exploit

Fix

LPE

Uncontrolled Search Path Element

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-34054
GHSA-P322-V6VW-VRQ9
ZDI-26-281

Affected Products

Openssl
Vcpkg