CVE-2026-9076
Awaiting Analysis - Queue
BaseFortify

Publication date: 2026-06-09

Last updated on: 2026-06-09

Assigner: OpenSSL Software Foundation

Description
Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key unwrap) processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can trigger a heap out-of-bounds read in kek_unwrap_key().

Impact summary: A heap buffer over-read may trigger a crash which leads to Denial of Service for an application if the input buffer ends at a memory page boundary and the following page is unmapped. There is no information disclosure as the over-read bytes are not revealed to the attacker.

The key unwrapping function performs a check-byte test as specified in the RFC that reads 7 bytes from a heap allocation that is based on the wrapped key length from the message. There is a minimum length check based on the block length of the wrapping cipher. However the cipher is selected from an OID carried in the attacker's PWRI keyEncryptionAlgorithm with no requirement that the cipher be a block cipher. When an attacker selects a stream-mode cipher the guard will be ineffective and the allocated buffer containing the unwrapped key can be too small to fit the check-bytes specified in the RFC and a buffer over-read can happen.

Applications calling CMS_decrypt() or CMS_decrypt_set1_password() (equivalently openssl cms -decrypt -pwri_password ...) on untrusted CMS data are vulnerable to this issue. No password knowledge is required: the over-read happens during the unwrap attempt before any authentication succeeds.

The over-read is limited to a few bytes and is not written to output, so there is no information disclosure. Triggering a crash requires the allocation to border unmapped memory, which is unlikely with the normal allocator.

The FIPS modules are not affected by this issue.
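The length guard described above, as an added C model that is not OpenSSL's code and not the upstream patch. The function names, the "two blocks" minimum and the hardened variant are assumptions made for illustration; the 7-byte check span and the block-length-based guard come from the description.

```c
#include <stddef.h>
#include <stdio.h>

/* The RFC 3211 check-byte test reads 7 bytes of the unwrapped buffer. */
#define PWRI_CHECK_SPAN 7

/* Model of the guard as described: the minimum wrapped-key length depends
 * only on the cipher's block length (assumed here: at least two blocks).
 * Returns 1 when the input is accepted and inlen bytes are allocated. */
static int guard_as_described(size_t inlen, size_t blocklen)
{
    return inlen >= 2 * blocklen;
}

/* Hardened model (assumption, not the upstream fix): reject ciphers that
 * report a block length of 1, as stream-mode ciphers do, and require room
 * for the check bytes regardless of block length. */
static int guard_hardened(size_t inlen, size_t blocklen)
{
    if (blocklen <= 1)
        return 0;
    if (inlen < PWRI_CHECK_SPAN)
        return 0;
    return guard_as_described(inlen, blocklen);
}

/* Bytes the check-byte test would read past an inlen-byte allocation. */
static size_t overread_bytes(size_t inlen)
{
    return inlen < PWRI_CHECK_SPAN ? PWRI_CHECK_SPAN - inlen : 0;
}

int main(void)
{
    /* Constructed cases: {wrapped key length, cipher block length}. */
    const size_t cases[][2] = { {2, 1}, {6, 1}, {16, 8}, {32, 16} };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        size_t inlen = cases[i][0], bl = cases[i][1];
        printf("inlen=%zu blocklen=%zu described=%d hardened=%d overread=%zu\n",
               inlen, bl, guard_as_described(inlen, bl),
               guard_hardened(inlen, bl), overread_bytes(inlen));
    }
    return 0;
}
```

With a block length of 1 the described guard accepts a 2-byte wrapped key, leaving the 7-byte check 5 bytes short of the allocation; real block ciphers (8 or 16 bytes) always clear the 7-byte span under the two-block minimum.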
Meta Information
Published: 2026-06-09
Last Modified: 2026-06-09
Generated: 2026-06-10
AI Q&A: 2026-06-09
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor: openssl
Product: openssl
Version / Range: *
CWE ID: CWE-125
Description: The product reads data past the end, or before the beginning, of the intended buffer.
Executive Summary

This vulnerability occurs in the CMS password-based decryption process when handling attacker-supplied CMS data. Specifically, an attacker can choose a stream-mode KEK cipher that causes a heap out-of-bounds read in the function kek_unwrap_key().

The key unwrapping function reads 7 bytes from a heap allocation based on the wrapped key length. However, the cipher used is selected by the attacker without requiring it to be a block cipher. If a stream-mode cipher is chosen, the allocated buffer may be too small, leading to a buffer over-read.

This over-read happens during the unwrap attempt before any authentication, and no password knowledge is needed. Although the over-read is limited to a few bytes and does not disclose information, it can cause a crash if the buffer borders unmapped memory.

Impact Analysis

The primary impact of this vulnerability is a potential Denial of Service (DoS) condition. A heap buffer over-read may cause the application to crash if the input buffer ends at a memory page boundary and the following page is unmapped.

There is no information disclosure because the over-read bytes are not revealed to the attacker. However, the crash can disrupt the availability of the affected application.

Compliance Impact

This vulnerability causes a heap buffer over-read that may lead to a denial of service (DoS) by crashing the application processing attacker-supplied CMS data. However, it does not result in information disclosure or unauthorized access to sensitive data.

Since there is no information disclosure or compromise of data confidentiality or integrity, the vulnerability does not directly impact compliance with data protection regulations such as GDPR or HIPAA, which primarily focus on protecting personal and sensitive information.

Nevertheless, the potential for denial of service could affect availability, which is a component of security standards. Organizations relying on vulnerable OpenSSL CMS decryption functions should consider this risk in their overall security posture and incident response planning.
