CVE-2026-42769
Analyzed Analyzed - Analysis Complete

Certificate Validation Bypass in OpenSSL CMP

Publication date: 2026-06-09

Last updated on: 2026-06-15

Assigner: OpenSSL Software Foundation

Description
Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol (CMP) message response rendered the certificate validation ineffectual, which could lead to escalation of credentials from the Registration Authority (RA) level to the root Certification Authority (root CA) level. Impact Summary: The Registration Autority could replace the root CA certificate for the CMP clients with an arbitrary root CA certificate. One of the parts of the Certificate Management Protocol (CMP), specified in RFC 9810, is Root Certification Authority (root CA) key Rollover, which is sent by the server in a message with type 'id-it-rootCaKeyUpdate'. As part of these messages, 'newWithOld' certificate, the new root CA certificate signed with the old root CA key, is provided, and verifying its signature is crucial for transferring the trust from the old CA key to the new one. The 'id-it-rootCaKeyUpdate' messages are expected to be processed with OSSL_CMP_get1_rootCaKeyUpdate(), that is expected to verify the 'newWithOld' certificate. A typo in the certificate chain building code led to adding an incorrect certificate ('newWithOld' instead of 'oldRoot') to the certificate chain, rendering the certificate verification process ineffectual (only the issuer name and the algorithm OIDs were verified by other parts of the verification code). An attacker who already has credentials that satisfy the CMP message protection checks can generate a new key pair and use a crafted self-signed certificate in its 'id-it-rootCaKeyUpdate' CMP messages which affected CMP clients would accept as a new trust anchor. Significant preconditions for the attack (having valid RA-level credentials) are the reason the issue was assigned Low severity. The FIPS modules are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-09
Last Modified
2026-06-15
Generated
2026-06-30
AI Q&A
2026-06-10
EPSS Evaluated
2026-06-28
NVD
CVE-2026-42769
EUVD
EUVD-2026-35486

Affected Vendors & Products

Showing 4 associated CPEs
Vendor Product Version / Range
openssl openssl From 3.4.0 (inc) to 3.4.6 (exc)
openssl openssl From 3.5.0 (inc) to 3.5.7 (exc)
openssl openssl From 3.6.0 (inc) to 3.6.3 (exc)
openssl openssl 4.0.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-295 The product does not validate, or incorrectly validates, a certificate.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Detection Guidance

This vulnerability involves an error in the certificate validation process during the handling of root CA key update messages in the Certificate Management Protocol (CMP). Detection would require monitoring CMP messages, specifically those with the type 'id-it-rootCaKeyUpdate', and verifying whether the certificate validation process correctly checks the 'newWithOld' certificate signature against the old root CA key.

Since the issue is related to incorrect certificate chain validation in OpenSSL CMP clients, detection on a system could involve checking the OpenSSL version for the presence of the fix and monitoring CMP traffic for suspicious root CA key update messages that might contain self-signed or improperly validated certificates.

No explicit detection commands are provided in the available resources. However, general commands to check OpenSSL version and verify certificate chains might help identify vulnerable setups or suspicious certificates.

  • Check OpenSSL version to ensure it includes the fix: `openssl version`
  • Use OpenSSL commands to inspect CMP messages or certificates, for example: `openssl cmp` commands if available, or `openssl verify` to manually verify certificates.
  • Monitor network traffic for CMP messages with type 'id-it-rootCaKeyUpdate' using packet capture tools like tcpdump or Wireshark.
Executive Summary

This vulnerability is caused by an error in the callback function used to verify the certificate provided in a Root CA key update message within the Certificate Management Protocol (CMP). Specifically, a typo in the certificate chain building code caused an incorrect certificate to be added to the chain, making the certificate verification ineffective.

As a result, an attacker who already has Registration Authority (RA) level credentials can exploit this flaw by generating a new key pair and using a crafted self-signed certificate in the CMP root CA key update messages. The affected CMP clients would incorrectly accept this certificate as a new trusted root CA, effectively allowing escalation of credentials from RA level to root CA level.

Impact Analysis

The vulnerability allows an attacker with valid RA-level credentials to replace the root CA certificate for CMP clients with an arbitrary root CA certificate. This means the attacker could escalate their privileges from RA level to root CA level, gaining the ability to issue trusted certificates and potentially compromise the trust model of the affected systems.

However, the severity is considered low because the attacker must already have valid RA-level credentials to exploit this issue.

Compliance Impact

The vulnerability allows an attacker with valid Registration Authority (RA) level credentials to escalate privileges to the root Certification Authority (root CA) level by exploiting a flaw in certificate validation during root CA key updates. This could lead to unauthorized issuance of root CA certificates, potentially undermining the trust model of certificate-based security.

Such a compromise of the root CA trust anchor could impact compliance with security standards and regulations like GDPR and HIPAA, which require strong controls over identity and access management, data integrity, and secure communications. If an attacker can impersonate or issue trusted certificates, it may lead to unauthorized access or data breaches, thereby violating these regulations.

However, the issue is rated as low severity due to the significant precondition of having valid RA-level credentials, and the affected code is outside the OpenSSL FIPS module boundary, which may limit its impact in FIPS-compliant environments.

Mitigation Strategies

The primary mitigation step is to update OpenSSL to a version that includes the fix for CVE-2026-42769. The fix corrects the certificate validation logic to properly verify the 'newWithOld' certificate in root CA key update messages.

Since the vulnerability requires an attacker to have valid Registration Authority (RA) level credentials, limiting access and ensuring strong credential management for CMP clients is also important.

Additionally, monitoring CMP traffic for suspicious root CA key update messages and validating certificates carefully can help mitigate exploitation risks.

  • Upgrade OpenSSL to a patched version that includes the fix (refer to commits such as d35cd47, 777b363, d531f21, or 54d0989).
  • Restrict and audit RA-level credentials to prevent unauthorized use.
  • Monitor CMP messages for unusual root CA key update attempts.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-42769. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart