CVE-2026-28390

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions OpenSSL versions 3.0 through 3.6

Description Processing a specially crafted CMS EnvelopedData message with KeyTransportRecipientInfo can lead to a NULL pointer dereference. This can cause applications that process attacker-controlled CMS data to crash before authentication or cryptographic operations, resulting in a Denial of Service. The issue occurs when examining the optional parameters field of RSA-OAEP SourceFunc algorithm identifier without verifying its presence, leading to a NULL pointer dereference if the field is missing. Applications and services using CMS decrypt() on untrusted input, such as S/MIME processing or CMS-based protocols, are affected.

Recommendations Update to a version after 3.6. Update to a version after 3.5. Update to a version after 3.4. Update to a version after 3.3. Update to a version after 3.0.

Fix

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2026:22312

ALSA-2026:22313

ALSA-2026:22314

ALSA-2026:22315

CVE-2026-28390

ECHO-9D88-691E-4E0F

MGASA-2026-0091

OESA-2026-2041

OESA-2026-2042

OESA-2026-2043

OESA-2026-2044

OESA-2026-2045

OESA-2026-2189

OESA-2026-2190

OESA-2026-2191

OPENSUSE-SU-2026:10533-1

OPENSUSE-SU-2026:20525-1

RHSA-2026:14217

RHSA-2026:7261

SUSE-SU-2026:1375-1

SUSE-SU-2026:1386-1

SUSE-SU-2026:1429-1

SUSE-SU-2026:1549-1

SUSE-SU-2026:1550-1

SUSE-SU-2026:1562-1

SUSE-SU-2026:1577-1

SUSE-SU-2026:1605-1

SUSE-SU-2026:21107-1

SUSE-SU-2026:21186-1

SUSE-SU-2026:21244-1

USN-8155-1

USN-8155-2

Affected Products

Ibm Aix

Linuxmint

Openssl

Ubuntu

CVE-2026-28390

Weakness Enumeration

Related Identifiers

Affected Products

References · 118