CVE-2026-34182
Awaiting Analysis - Queue
BaseFortify

Publication date: 2026-06-09

Last updated on: 2026-06-09

Assigner: OpenSSL Software Foundation

Description
Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises.

Impact Summary: Attackers making use of these vulnerabilities may achieve key-equivalent functionality for a given CMS recipient and/or bypass integrity validation for a given message.

In one use case, an attacker may send a CMS message containing AuthEnvelopedData with the cipher specified as a non-AEAD cipher. OpenSSL erroneously allows this selection, and attempts to decrypt and validate the message. An on-path attacker who captures one legitimate AES-GCM AuthEnvelopedData addressed to the victim can re-emit it with the recipientInfos set left byte-for-byte intact, so the victim's private key still unwraps the genuine CEK (the content-encryption key), but with the inner OID rewritten to AES-256-OFB (Output Feedback Mode, an unauthenticated keystream mode) and with an attacker-chosen IV and ciphertext. The victim initializes AES-256-OFB under the real CEK, never consults the MAC field, and CMS_decrypt() returns success. If the application under attack responds to the attacker with any indicator showing success or failure of the decryption effort, it is possible for the attacker to use this as an oracle to obtain key-equivalent functionality for the CEK used for the chosen recipient of the message.

In another use case, an attacker can reduce the tag length of the chosen AEAD cipher for a given AuthEnvelopedData container to a single byte long, allowing an attacker to brute force CMS decryption, producing an integrity bypass for applications that trust CMS_decrypt() to reject modified content.

The FIPS modules are not affected by this issue.
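As an added example (not OpenSSL's code), a policy check an application could run on the DER contentEncryptionAlgorithm of an AuthEnvelopedData before handing the message to CMS_decrypt(): it refuses any non-AEAD cipher OID and any GCM ICV length below the RFC 5084 minimum of 12 bytes, the two malformed shapes the advisory describes. The sample AlgorithmIdentifiers, including the aes-256-ofb swap and the one-byte tag, are constructed here with dummy nonce and IV bytes; locating that field inside a full CMS message is assumed to be done by the caller's ASN.1 parser.

```python
# Pre-decrypt policy check on a CMS AuthEnvelopedData contentEncryptionAlgorithm
# (RFC 5083/5084): reject non-AEAD cipher OIDs and short GCM ICV (tag) lengths.

_AES_ARC = bytes.fromhex("6086480165030401")          # OID arc 2.16.840.1.101.3.4.1
AES_GCM_OIDS = {_AES_ARC + b"\x06": "aes-128-gcm",    # ...1.6   (only the GCM
                _AES_ARC + b"\x1a": "aes-192-gcm",    # ...1.26   arcs are AEAD)
                _AES_ARC + b"\x2e": "aes-256-gcm"}    # ...1.46
MIN_ICV_LEN = 12   # RFC 5084 permits 12..16 bytes; a shorter tag is refused

def _tlv(buf, off):                                   # one DER TLV -> (tag, start, end)
    tag, ln, pos = buf[off], buf[off + 1], off + 2
    if ln & 0x80:                                     # long-form length
        pos, ln = pos + (ln & 0x7F), int.from_bytes(buf[pos:pos + (ln & 0x7F)], "big")
    return tag, pos, pos + ln

def _children(body):                                  # (tag, value) of each inner TLV
    off = 0
    while off < len(body):
        tag, vs, ve = _tlv(body, off)
        yield tag, body[vs:ve]
        off = ve

def check_content_encryption_alg(alg_id_der):
    """Return (accepted, reason) for a DER-encoded AlgorithmIdentifier."""
    tag, vs, ve = _tlv(alg_id_der, 0)
    fields = list(_children(alg_id_der[vs:ve])) if tag == 0x30 else []
    if not fields or fields[0][0] != 0x06:
        return False, "malformed AlgorithmIdentifier"
    oid = fields[0][1]                                # raw encoded OID contents
    if oid not in AES_GCM_OIDS:
        return False, f"non-AEAD content cipher OID {oid.hex()} inside AuthEnvelopedData"
    if len(fields) < 2 or fields[1][0] != 0x30:
        return False, "GCMParameters missing"
    # GCMParameters ::= SEQUENCE { aes-nonce OCTET STRING, aes-ICVlen INTEGER DEFAULT 12 }
    params = list(_children(fields[1][1]))
    icv_len = int.from_bytes(params[1][1], "big") if len(params) > 1 else 12
    if icv_len < MIN_ICV_LEN:
        return False, f"ICV length {icv_len} below the {MIN_ICV_LEN}-byte minimum"
    return True, f"{AES_GCM_OIDS[oid]} with a {icv_len}-byte tag"

def _der(tag, body):                                  # short-form lengths suffice here
    return bytes([tag, len(body)]) + body

# Constructed samples (not from a real message); nonce/IV bytes are dummies.
def _gcm_alg(icv_len):                                # aes-256-gcm with a given ICV length
    params = _der(0x04, b"\x00" * 12) + _der(0x02, bytes([icv_len]))
    return _der(0x30, _der(0x06, _AES_ARC + b"\x2e") + _der(0x30, params))
GENUINE_GCM = _gcm_alg(16)                            # what a legitimate sender emits
ONE_BYTE_TAG = _gcm_alg(1)                            # tag length shrunk to one byte
SWAPPED_TO_OFB = _der(0x30, _der(0x06, _AES_ARC + b"\x2b") + _der(0x04, b"\x00" * 16))
```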
Meta Information
Generated: 2026-06-10
EPSS Evaluated: N/A
Affected Vendors & Products (1 associated CPE)
Vendor    Product    Version / Range
openssl   openssl    *
CWE
CWE-354: The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.
Executive Summary

This vulnerability involves Cryptographic Message Services (CMS) processing in OpenSSL failing to properly validate input fields related to cipher and tag lengths in AuthEnvelopedData containers.

Because of this, attackers can exploit the flaw to bypass integrity checks or gain key-equivalent functionality for a CMS recipient.

For example, an attacker can send a CMS message specifying a non-AEAD cipher, which OpenSSL incorrectly accepts and attempts to decrypt.

Another attack involves an on-path attacker capturing a legitimate AES-GCM AuthEnvelopedData message and replaying it with modifications that cause the victim to decrypt using AES-256-OFB, an unauthenticated mode, bypassing integrity validation.

Additionally, attackers can reduce the authentication tag length to a single byte, enabling brute force attacks to bypass integrity checks in applications relying on CMS_decrypt() to reject tampered content.

Notably, FIPS modules are not affected by this issue.

Impact Analysis

This vulnerability can have serious security impacts including:

  • Attackers may achieve key-equivalent functionality for a CMS recipient, effectively allowing them to decrypt or manipulate messages as if they held the content-encryption key (CEK) used for that recipient.
  • Attackers can bypass integrity validation, meaning they can alter encrypted messages without detection.
  • On-path attackers can replay and modify captured messages to force the victim to decrypt using insecure cipher modes, potentially exposing sensitive data.
  • Applications that rely on CMS_decrypt() to verify message integrity may be vulnerable to brute force attacks due to reduced tag length, leading to unauthorized data access or manipulation.