CVE-2026-35188
Status: Awaiting Analysis (Queue)
BaseFortify

Publication date: 2026-06-09

Last updated on: 2026-06-09

Assigner: OpenSSL Software Foundation

Description
Issue summary: A malicious server can exploit TLS OCSP stapling by delivering a crafted response through the status_request extension, triggering a double-free in the client's certificate verification path.

Impact summary: Successful exploitation allows an attacker to corrupt heap memory via a double-free, potentially leading to a Denial of Service or possibly attacker-controlled code execution or other undefined behavior.

If OCSP stapling is enabled and the TLS client connects to a malicious server, a crafted OCSP stapled response can trigger a double free in the TLS client when the stapled response is checked. OCSP stapling is not enabled by default. Reliable code execution through a double-free is technically complex and highly environment-dependent, but the Denial of Service impact is straightforward to achieve, warranting Moderate severity. No FIPS modules are affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.
CVSS Scores: none listed
EPSS Scores: none listed (probability and percentile not yet evaluated)
Meta Information
Generated: 2026-06-10
AI Q&A: 2026-06-10
EPSS Evaluated: N/A
External references: NVD, EUVD
Affected Vendors & Products (1 associated CPE)
Vendor: openssl; Product: openssl; Version / Range: * (wildcard, no version range specified)
CWE: CWE-415 (Double Free). The product calls free() twice on the same memory address.
AI Quick Actions (AI-generated analysis)
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

This vulnerability involves a flaw in the TLS OCSP stapling feature where a malicious server can send a specially crafted OCSP response through the status_request extension. This crafted response triggers a double-free error in the client's certificate verification process.

A double-free occurs when the same memory is freed twice, which can corrupt the heap memory and cause unpredictable behavior in the client application.

Impact Analysis

If successfully exploited, this vulnerability can corrupt heap memory in the TLS client, potentially leading to a Denial of Service (DoS) where the client application crashes or becomes unresponsive.

In some cases, it might allow an attacker to execute arbitrary code or cause other undefined behaviors, although achieving reliable code execution is complex and depends heavily on the environment.

Since OCSP stapling is not enabled by default, the risk is limited to clients that have this feature enabled and connect to a malicious server.

Mitigation Strategies

Disable OCSP stapling on clients that do not require it. OpenSSL does not enable it by default, so a client is exposed only if it explicitly requests the status_request extension (for example via SSL_set_tlsext_status_type() or SSL_CTX_set_tlsext_status_type() with TLSEXT_STATUSTYPE_ocsp, or by running `openssl s_client -status`); audit client code and scripts for those call sites.

Until a fixed OpenSSL build is deployed, restrict stapling-enabled clients to servers you control or trust. The crafted stapled response is delivered during the TLS handshake, so any server the client is willing to negotiate with can deliver it.

Apply the OpenSSL release that fixes this issue as soon as it is available. This page does not yet list affected or fixed versions (the only CPE entry is a wildcard), so consult the OpenSSL advisory for the exact ranges before treating a build as safe.
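As an added example that is not part of the BaseFortify page or OpenSSL's own code, the following POSIX shell script does the exposure check that both the description and the mitigation section hinge on: it audits a source tree for client code that requests OCSP stapling through the OpenSSL API, and for scripts that ask for it with `openssl s_client -status`. The sample tree is constructed inline for the demo; its file names and the hypothetical `ocsp_cb` callback are assumptions.

```shell
#!/bin/sh
# Added example (not BaseFortify's page content and not OpenSSL's code):
# audit a source tree for TLS clients that request OCSP stapling, since only
# clients that enable the status_request extension are exposed to this
# double free. Assumes the clients use the OpenSSL C API or shell out to
# `openssl s_client`; the sample tree below is constructed for the demo.

# An OpenSSL client asks for a stapled OCSP response by calling
# SSL_set_tlsext_status_type()/SSL_CTX_set_tlsext_status_type() with
# TLSEXT_STATUSTYPE_ocsp, or by running `openssl s_client -status`.
# Installing only the status callback (SSL_CTX_set_tlsext_status_cb) does
# not by itself request stapling, so it is deliberately not matched.
ocsp_stapling_audit() {
    grep -rnE \
        -e 'SSL(_CTX)?_set_tlsext_status_type[[:space:]]*\(' \
        -e 'TLSEXT_STATUSTYPE_ocsp' \
        -e 's_client[^|;&]*[[:space:]]-status([[:space:]]|$)' \
        --include='*.c' --include='*.cc' --include='*.cpp' --include='*.h' \
        --include='*.sh' \
        "$1" 2>/dev/null
}

# Number of stapling-enabling sites found under a directory (0 if none or
# if the directory does not exist).
ocsp_stapling_count() {
    ocsp_stapling_audit "$1" | wc -l | tr -d ' '
}

# Constructed sample tree: one client that enables stapling, one that does
# not, and a health-check script that asks for a stapled response.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/src" "$d/scripts"
    cat > "$d/src/client_stapled.c" <<'EOF'
#include <openssl/ssl.h>
/* constructed: requests the status_request extension -> exposed */
static int setup(SSL_CTX *ctx, SSL *ssl) {
    SSL_CTX_set_tlsext_status_cb(ctx, ocsp_cb);
    return SSL_set_tlsext_status_type(ssl, TLSEXT_STATUSTYPE_ocsp);
}
EOF
    cat > "$d/src/client_plain.c" <<'EOF'
#include <openssl/ssl.h>
/* constructed: never requests stapling -> not exposed to this issue */
static int setup(SSL_CTX *ctx) {
    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
    return 1;
}
EOF
    cat > "$d/scripts/check.sh" <<'EOF'
openssl s_client -status -connect example.test:443 </dev/null
EOF
    printf '%s\n' "$d"
}

# Stand-alone demo: list every stapling-enabling site in the sample tree.
tree=$(make_sample_tree)
ocsp_stapling_audit "$tree"
echo "stapling-enabling sites: $(ocsp_stapling_count "$tree")"
rm -rf "$tree"
```

Point `ocsp_stapling_audit` at a real checkout to get an inventory of the clients that need either the stapling request removed or the fixed OpenSSL build first. To see whether a particular server actually staples, `openssl s_client -status -connect host:443` prints the OCSP response data it received, or "OCSP response: no response sent" when the server sends none.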
