CVE-2026-28390
Published:April 07, 2026
Updated:April 20, 2026
Issue summary: During processing of a crafted CMS EnvelopedData message
with KeyTransportRecipientInfo a NULL pointer dereference can happen.
Impact summary: Applications that process attacker-controlled CMS data may
crash before authentication or cryptographic operations occur resulting in
Denial of Service.
When a CMS EnvelopedData message that uses KeyTransportRecipientInfo with
RSA-OAEP encryption is processed, the optional parameters field of
RSA-OAEP SourceFunc algorithm identifier is examined without checking
for its presence. This results in a NULL pointer dereference if the field
is missing.
Applications and services that call CMS_decrypt() on untrusted input
(e.g., S/MIME processing or CMS-based protocols) are vulnerable.
The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this
issue, as the affected code is outside the OpenSSL FIPS module boundary.
Affected Packages
openssl (CONAN):
Affected version(s) =1.0.2u <1.0.2zpFix Suggestion:
Update to version 1.0.2zpopenssl (CONAN):
Affected version(s) >=3.5.0 <3.5.6Fix Suggestion:
Update to version 3.5.6openssl (CONAN):
Affected version(s) >=3.6.0 <3.6.2Fix Suggestion:
Update to version 3.6.2openssl (CONAN):
Affected version(s) >=3.3.1 <3.3.7Fix Suggestion:
Update to version 3.3.7openssl (CONAN):
Affected version(s) >=3.4.0 <3.4.5Fix Suggestion:
Update to version 3.4.5openssl (CONAN):
Affected version(s) >=1.1.1p <1.1.1zgFix Suggestion:
Update to version 1.1.1zgopenssl (CONAN):
Affected version(s) >=3.0.5 <3.0.20Fix Suggestion:
Update to version 3.0.20openssl (CONDA):
Affected version(s) >=3.0.0 <3.0.20Fix Suggestion:
Update to version 3.0.20openssl (CONDA):
Affected version(s) >=3.3.0 <3.3.7Fix Suggestion:
Update to version 3.3.7openssl (CONDA):
Affected version(s) >=1.1.1a <1.1.1zgFix Suggestion:
Update to version 1.1.1zgopenssl (CONDA):
Affected version(s) >=3.5.0 <3.5.6Fix Suggestion:
Update to version 3.5.6openssl (CONDA):
Affected version(s) >=3.6.0 <3.6.2Fix Suggestion:
Update to version 3.6.2openssl (CONDA):
Affected version(s) >=1.0.2d <1.0.2zpFix Suggestion:
Update to version 1.0.2zpopenssl (CONDA):
Affected version(s) >=3.4.0 <3.4.5Fix Suggestion:
Update to version 3.4.5https://github.com/openssl/openssl.git (GITHUB):
Affected version(s) >=openssl-3.6.0 <openssl-3.6.2Fix Suggestion:
Update to version openssl-3.6.2https://github.com/openssl/openssl.git (GITHUB):
Affected version(s) >=OpenSSL_1_0_2 <openssl-1.0.2zpFix Suggestion:
Update to version openssl-1.0.2zphttps://github.com/openssl/openssl.git (GITHUB):
Affected version(s) >=openssl-3.5.0 <openssl-3.5.6Fix Suggestion:
Update to version openssl-3.5.6https://github.com/openssl/openssl.git (GITHUB):
Affected version(s) >=openssl-3.3.0 <openssl-3.3.7Fix Suggestion:
Update to version openssl-3.3.7https://github.com/openssl/openssl.git (GITHUB):
Affected version(s) >=openssl-3.4.0 <openssl-3.4.5Fix Suggestion:
Update to version openssl-3.4.5https://github.com/openssl/openssl.git (GITHUB):
Affected version(s) >=OpenSSL_1_1_1 <openssl-1.1.1zgFix Suggestion:
Update to version openssl-1.1.1zghttps://github.com/openssl/openssl.git (GITHUB):
Affected version(s) >=openssl-3.0.0 <openssl-3.0.20Fix Suggestion:
Update to version openssl-3.0.20Related Resources (7)
Do you need more information?
Contact UsCVSS v4
Base Score:
8.7
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH
Weakness Type (CWE)
NULL Pointer Dereference
EPSS
Base Score:
0.03
