CVE-2026-42766

Analyzed Analyzed - Analysis Complete

NULL Pointer Dereference in OpenSSL CMS Decryption

Publication date: 2026-06-09

Last updated on: 2026-06-15

Assigner: OpenSSL Software Foundation

Description

Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryption. Impact summary: This NULL pointer dereference leads to an application crash and a Denial of Service. The CMS PasswordRecipientInfo.keyDerivationAlgorithm field is defined as OPTIONAL in the ASN.1 specification and may therefore be absent in specially crafted inputs. During the password-based CMS decryption the OpenSSL CMS implementation dereferences this field without first checking whether it was present. An attacker who supplies such a CMS message to an application performing password-based CMS decryption can trigger an application crash, leading to a Denial of Service. Applications that process password-encrypted CMS messages may be affected. The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-06-09

Last Modified

2026-06-15

Generated

2026-06-30

AI Q&A

2026-06-10

EPSS Evaluated

2026-06-28

NVD

CVE-2026-42766

EUVD

EUVD-2026-35483

Affected Vendors & Products

Vendor	Product	Version / Range
openssl	openssl	From 1.0.2 (inc) to 1.0.2zq (exc)
openssl	openssl	From 1.1.1 (inc) to 1.1.1zh (exc)
openssl	openssl	From 3.0.0 (inc) to 3.0.21 (exc)
openssl	openssl	From 3.4.0 (inc) to 3.4.6 (exc)
openssl	openssl	From 3.5.0 (inc) to 3.5.7 (exc)
openssl	openssl	From 3.6.0 (inc) to 3.6.3 (exc)
openssl	openssl	4.0.0

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-476	The product dereferences a pointer that it expects to be valid but is NULL.

Attack-Flow Graph

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

This vulnerability occurs when a specially crafted password-encrypted CMS message triggers a NULL pointer dereference during CMS decryption in OpenSSL.

The issue arises because the CMS PasswordRecipientInfo.keyDerivationAlgorithm field is optional and may be missing in some inputs, but the OpenSSL CMS implementation attempts to dereference this field without checking if it is present.

As a result, an attacker can supply such a crafted CMS message to cause the application to crash.

Impact Analysis

The primary impact of this vulnerability is that it can cause an application crash, leading to a Denial of Service (DoS).

Any application that processes password-encrypted CMS messages using the affected OpenSSL CMS implementation may be vulnerable to this crash.

Detection Guidance

This vulnerability causes a NULL pointer dereference during CMS password-based decryption, leading to an application crash and Denial of Service. Detection can focus on monitoring for application crashes or abnormal termination of processes handling CMS PasswordRecipientInfo messages.

Since the issue arises when processing specially crafted password-encrypted CMS messages with a missing keyDerivationAlgorithm field, detection could involve capturing and inspecting CMS messages for this condition.

Specific commands to detect this vulnerability are not provided in the available resources.

Mitigation Strategies

Immediate mitigation involves updating OpenSSL to a version that includes the patch fixing this NULL pointer dereference issue in CMS PasswordRecipientInfo processing.

The patch ensures that the keyDerivationAlgorithm field is checked for presence before dereferencing, preventing crashes during cryptographic operations.

Until the update is applied, avoid processing untrusted or specially crafted password-encrypted CMS messages that could trigger this vulnerability.

Hi! I’m here to help you understand CVE-2026-42766. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70