PT-2026-31041 · Openssl+4

Nikola Pajkovsky +1 · Published 2026-04-07 · Updated 2026-05-19 · CVE-2026-31790

CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

OpenSSL FIPS modules versions 3.0 through 3.6

Description

Applications using RSASVE key encapsulation can send the contents of an uninitialized memory buffer to a malicious peer, potentially leading to sensitive data leakage. This occurs when applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an attacker-supplied invalid RSA public key without first validating that key. The RSA_public_encrypt() function returns the number of bytes written on success and -1 on error, but the affected code only checks if the return value is non-zero. If RSA encryption fails, the encapsulation can still return success, allowing the caller to use uninitialized ciphertext. Calling EVP_PKEY_public_check() or EVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() can mitigate this issue.

Recommendations

Apply the OpenSSL April 2026 security update immediately. If you cannot update immediately, call EVP_PKEY_public_check() or EVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() as a mitigation. Audit uses of RSASVE/EVP_PKEY_encapsulate() and ensure public keys are validated prior to encapsulation. Rotate keys/secrets if exposure is suspected.
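The return-value pattern from the description, as an added self-contained model that is not OpenSSL source code: `stub_public_encrypt`, both `encapsulate_*` wrappers and `stale_bytes_sent` are hypothetical names, and the 0x5A fill is a constructed marker standing in for uninitialized memory.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CT_LEN 32

/* Hypothetical stand-in for an encrypt primitive with the contract the
 * advisory describes: bytes written on success, -1 on error (no output). */
static int stub_public_encrypt(int key_is_valid, unsigned char *out, size_t len)
{
    if (!key_is_valid)
        return -1;
    memset(out, 0xC7, len);               /* constructed "ciphertext" */
    return (int)len;
}

/* Flawed pattern: any non-zero return counts as success, so -1 passes. */
static int encapsulate_flawed(int key_is_valid, unsigned char *ct, size_t len)
{
    return stub_public_encrypt(key_is_valid, ct, len) != 0;
}

/* Checked pattern: succeed only if exactly len bytes were written,
 * and clear the output buffer on failure so nothing stale survives. */
static int encapsulate_checked(int key_is_valid, unsigned char *ct, size_t len)
{
    int ret = stub_public_encrypt(key_is_valid, ct, len);
    if (ret <= 0 || (size_t)ret != len) {
        memset(ct, 0, len);
        return 0;
    }
    return 1;
}

/* Number of stale (marker) bytes a caller would transmit after trusting encap(). */
static size_t stale_bytes_sent(int (*encap)(int, unsigned char *, size_t), int key_is_valid)
{
    unsigned char ct[CT_LEN];
    size_t i, n = 0;
    memset(ct, 0x5A, sizeof ct);          /* constructed stand-in for stale memory */
    if (!encap(key_is_valid, ct, sizeof ct))
        return 0;                         /* caller aborts, nothing is sent */
    for (i = 0; i < sizeof ct; i++)
        n += (ct[i] == 0x5A);
    return n;
}

int main(void)
{
    printf("invalid key, flawed check:  %zu stale bytes sent\n", stale_bytes_sent(encapsulate_flawed, 0));
    printf("invalid key, strict check:  %zu stale bytes sent\n", stale_bytes_sent(encapsulate_checked, 0));
    return 0;
}
```

When auditing callers, the same question applies to any wrapper around a function that signals failure with a negative value: a truthiness test on the result accepts the error path.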

Fix

DoS

Improper Check for Exceptional Conditions

Weakness Enumeration

Related Identifiers

ALSA-2026:19066
ALSA-2026:19218
CVE-2026-31790
ECHO-CD1B-A137-2E06
JLSEC-2026-277
MGASA-2026-0091
OESA-2026-2041
OESA-2026-2042
OESA-2026-2043
OESA-2026-2161
OPENSUSE-SU-2026:10533-1
OPENSUSE-SU-2026:20525-1
RHSA-2026:19066
RHSA-2026:19218
RHSA-2026:7261
SUSE-SU-2026:1213-1
SUSE-SU-2026:1214-1
SUSE-SU-2026:1215-1
SUSE-SU-2026:1216-1
SUSE-SU-2026:1256-1
SUSE-SU-2026:1257-1
SUSE-SU-2026:1291-1
SUSE-SU-2026:1375-1
SUSE-SU-2026:21037-1
SUSE-SU-2026:21065-1
SUSE-SU-2026:21107-1
SUSE-SU-2026:21186-1
USN-8155-1

Affected Products

Ibm Aix
Linuxmint
Openssl
Rocky Linux
Ubuntu