CVE-2026-28389

{"id": "CVE-2026-28389", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2026-04-07T22:16:21.030", "references": [{"url": "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", "tags": ["Patch"], "source": "openssl-security@openssl.org"}, {"url": "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", "tags": ["Patch"], "source": "openssl-security@openssl.org"}, {"url": "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", "tags": ["Patch"], "source": "openssl-security@openssl.org"}, {"url": "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", "tags": ["Patch"], "source": "openssl-security@openssl.org"}, {"url": "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", "tags": ["Patch"], "source": "openssl-security@openssl.org"}, {"url": "https://openssl-library.org/news/secadv/20260407.txt", "tags": ["Vendor Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e"}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "openssl-security@openssl.org", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary."}], "lastModified": "2026-05-12T13:17:33.637", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE7957CC-80F0-4907-BFB5-AFB6994DDE3C", "versionEndExcluding": "1.0.2zp", "versionStartIncluding": "1.0.2"}, {"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "656A0540-5825-498E-A7AB-C14976FEE45D", "versionEndExcluding": "1.1.1zg", "versionStartIncluding": "1.1.1"}, {"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B28A8143-89A4-4332-A1F8-A65FB5AA829F", "versionEndExcluding": "3.0.20", "versionStartIncluding": "3.0.0"}, {"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF303B21-D9BF-461D-B7B0-A3FE1D557A9F", "versionEndExcluding": "3.3.7", "versionStartIncluding": "3.3.0"}, {"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCCE43D0-8F17-475D-9EE6-842F758A9905", "versionEndExcluding": "3.4.5", "versionStartIncluding": "3.4.0"}, {"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6BC0271-444D-4597-BF05-DC60034EAA49", "versionEndExcluding": "3.5.6", "versionStartIncluding": "3.5.0"}, {"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A9E621D-29D8-418A-BF37-BED333C14507", "versionEndExcluding": "3.6.2", "versionStartIncluding": "3.6.0"}], "operator": "OR"}]}], "sourceIdentifier": "openssl-security@openssl.org"}