CVE-2026-35188

{"id": "CVE-2026-35188", "cveTags": [], "metrics": {}, "published": "2026-06-09T17:17:05.437", "references": [{"url": "https://github.com/openssl/openssl/commit/131145d25659e8749a9ed1afb383484854cffb78", "source": "openssl-security@openssl.org"}, {"url": "https://github.com/openssl/openssl/commit/78d0154cffda03aaaac63a087cc523a6b35fa8fd", "source": "openssl-security@openssl.org"}, {"url": "https://openssl-library.org/news/secadv/20260609.txt", "source": "openssl-security@openssl.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "openssl-security@openssl.org", "description": [{"lang": "en", "value": "CWE-415"}]}], "descriptions": [{"lang": "en", "value": "Issue summary: A malicious server can exploit TLS OCSP stapling by delivering\na crafted response through the status_request extension, triggering a\ndouble-free in the client's certificate verification path.\n\nImpact summary: Successful exploitation allows an attacker to corrupt heap\nmemory via a double-free, potentially leading to a Denial of Service or\npossibly an attacker controlled code execution or other undefined behavior.\n\nIf OCSP stapling is enabled and the TLS client connects to a malicious server,\na crafted OCSP stapled response can trigger a double free in the TLS client\nwhen the stapled response is checked.\n\nThe OCSP stapling is not enabled by default. Reliable code execution\nthrough a double-free is technically complex and highly environment-dependent\nbut the Denial of Service impact is straightforward to achieve, warranting\nModerate severity.\n\nNo FIPS modules are affected by this issue as the affected code is outside\nthe OpenSSL FIPS module boundary."}], "lastModified": "2026-06-10T08:16:23.123", "sourceIdentifier": "openssl-security@openssl.org"}