Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-42766— Possible NULL Dereference in Password-Based CMS Decryption

AI Predicted 5.3 Difficulty: Easy EPSS 0.60% · P44

Possible ATT&CK Techniques 1AI

T1499 · Endpoint Denial of Service

Affected Version Matrix 7

VendorProductVersion RangeStatus
OpenSSLOpenSSL4.0.0< 4.0.1affected
3.6.0< 3.6.3affected
3.5.0< 3.5.7affected
3.4.0< 3.4.6affected
3.0.0< 3.0.21affected
1.1.1< 1.1.1zhaffected
1.0.2< 1.0.2zqaffected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-42766

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Possible NULL Dereference in Password-Based CMS Decryption
Source: NVD (National Vulnerability Database)
Vulnerability Description
Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryption. Impact summary: This NULL pointer dereference leads to an application crash and a Denial of Service. The CMS PasswordRecipientInfo.keyDerivationAlgorithm field is defined as OPTIONAL in the ASN.1 specification and may therefore be absent in specially crafted inputs. During the password-based CMS decryption the OpenSSL CMS implementation dereferences this field without first checking whether it was present. An attacker who supplies such a CMS message to an application performing password-based CMS decryption can trigger an application crash, leading to a Denial of Service. Applications that process password-encrypted CMS messages may be affected. The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
空指针解引用
Source: NVD (National Vulnerability Database)
Vulnerability Title
OpenSSL 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OpenSSL是OpenSSL团队的一个开源的能够实现安全套接层(SSLv2/v3)和安全传输层(TLSv1)协议的通用加密库。该产品支持多种加密算法,包括对称密码、哈希算法、安全散列算法等。 OpenSSL存在代码问题漏洞,该漏洞源于CMS解密时处理密码加密消息中缺失的keyDerivationAlgorithm字段导致空指针取消引用,可能导致拒绝服务。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
OpenSSLOpenSSL 4.0.0 ~ 4.0.1 -

II. Public POCs for CVE-2026-42766

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-42766

登录查看更多情报信息。

Patches & Fixes for CVE-2026-42766 (5)

Vendor Advisories for CVE-2026-42766 (1)

Same Patch Batch · OpenSSL · 2026-06-09 · 18 CVEs total

CVE-2026-45445AES-OCB IV Ignored on EVP_Cipher() Path
CVE-2026-34183Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler
CVE-2026-34181PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys
CVE-2026-34180Heap Buffer Over-read in ASN.1 Content Parsing
CVE-2026-34182CMS AuthEnvelopedData Processing May Accept Forged Messages
CVE-2026-9076Out-of-Bounds Read in CMS Password-Based Decryption
CVE-2026-35188Double-free When Checking OCSP Stapled Response
CVE-2026-7383Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion
CVE-2026-45446Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes
CVE-2026-42771Possible Out of Bounds Read in X509_VERIFY_PARAM_set1_email()
CVE-2026-45447Heap Use-After-Free in the PKCS7_verify() Function
CVE-2026-42768Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()
CVE-2026-42769Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate
CVE-2026-42767NULL Pointer Dereference in CRMF EncryptedValue Decryption
CVE-2026-42764NULL Pointer Dereference in QUIC Server Initial Packet Handling
CVE-2026-42770FFC-DH Peer Validation Uses Attacker-Supplied q
CVE-2026-42765NULL Dereference in Certificate Verification with OCSP Checking

IV. Related Vulnerabilities

V. Comments for CVE-2026-42766

No comments yet


Leave a comment