CVE-2026-28389
Published:April 07, 2026
Updated:April 20, 2026
Issue summary: During processing of a crafted CMS EnvelopedData message
with KeyAgreeRecipientInfo a NULL pointer dereference can happen.
Impact summary: Applications that process attacker-controlled CMS data may
crash before authentication or cryptographic operations occur resulting in
Denial of Service.
When a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is
processed, the optional parameters field of KeyEncryptionAlgorithmIdentifier
is examined without checking for its presence. This results in a NULL
pointer dereference if the field is missing.
Applications and services that call CMS_decrypt() on untrusted input
(e.g., S/MIME processing or CMS-based protocols) are vulnerable.
The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this
issue, as the affected code is outside the OpenSSL FIPS module boundary.
Affected Packages
openssl (CONAN):
Affected version(s) >=1.1.1p <1.1.1zgFix Suggestion:
Update to version 1.1.1zgopenssl (CONAN):
Affected version(s) >=3.3.1 <3.3.7Fix Suggestion:
Update to version 3.3.7openssl (CONAN):
Affected version(s) >=3.4.0 <3.4.5Fix Suggestion:
Update to version 3.4.5openssl (CONAN):
Affected version(s) >=3.0.5 <3.0.20Fix Suggestion:
Update to version 3.0.20openssl (CONAN):
Affected version(s) >=3.6.0 <3.6.2Fix Suggestion:
Update to version 3.6.2openssl (CONAN):
Affected version(s) =1.0.2u <1.0.2zpFix Suggestion:
Update to version 1.0.2zpopenssl (CONAN):
Affected version(s) >=3.5.0 <3.5.6Fix Suggestion:
Update to version 3.5.6openssl (CONDA):
Affected version(s) >=3.4.0 <3.4.5Fix Suggestion:
Update to version 3.4.5openssl (CONDA):
Affected version(s) >=3.6.0 <3.6.2Fix Suggestion:
Update to version 3.6.2openssl (CONDA):
Affected version(s) >=3.5.0 <3.5.6Fix Suggestion:
Update to version 3.5.6openssl (CONDA):
Affected version(s) >=1.1.1a <1.1.1zgFix Suggestion:
Update to version 1.1.1zgopenssl (CONDA):
Affected version(s) >=3.0.0 <3.0.20Fix Suggestion:
Update to version 3.0.20openssl (CONDA):
Affected version(s) >=1.0.2d <1.0.2zpFix Suggestion:
Update to version 1.0.2zpopenssl (CONDA):
Affected version(s) >=3.3.0 <3.3.7Fix Suggestion:
Update to version 3.3.7https://github.com/openssl/openssl.git (GITHUB):
Affected version(s) >=openssl-3.0.0 <openssl-3.0.20Fix Suggestion:
Update to version openssl-3.0.20https://github.com/openssl/openssl.git (GITHUB):
Affected version(s) >=OpenSSL_1_0_2 <openssl-1.0.2zpFix Suggestion:
Update to version openssl-1.0.2zphttps://github.com/openssl/openssl.git (GITHUB):
Affected version(s) >=openssl-3.3.0 <openssl-3.3.7Fix Suggestion:
Update to version openssl-3.3.7https://github.com/openssl/openssl.git (GITHUB):
Affected version(s) >=openssl-3.4.0 <openssl-3.4.5Fix Suggestion:
Update to version openssl-3.4.5https://github.com/openssl/openssl.git (GITHUB):
Affected version(s) >=openssl-3.6.0 <openssl-3.6.2Fix Suggestion:
Update to version openssl-3.6.2https://github.com/openssl/openssl.git (GITHUB):
Affected version(s) >=openssl-3.5.0 <openssl-3.5.6Fix Suggestion:
Update to version openssl-3.5.6https://github.com/openssl/openssl.git (GITHUB):
Affected version(s) >=OpenSSL_1_1_1 <openssl-1.1.1zgFix Suggestion:
Update to version openssl-1.1.1zgRelated Resources (7)
Do you need more information?
Contact UsCVSS v4
Base Score:
8.7
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
LOW
Weakness Type (CWE)
NULL Pointer Dereference
EPSS
Base Score:
0.06
