Known Vulnerabilities for products from OpenSSL
Listed below are 20 of the newest known vulnerabilities associated with the vendor "OpenSSL".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data), as well as a keyword search to ensure that the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-48697 | | Not Provided | 2026-05-26 | 2026-05-26 |
| CVE-2026-45447 | Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature ver... | Not Provided | 2026-06-09 | 2026-06-16 |
| CVE-2026-45446 | Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) mishandle the authentication of AAD (Addi... | Not Provided | 2026-06-09 | 2026-06-16 |
| CVE-2026-45445 | Issue summary: When an application drives an AES-OCB context through the public EVP_Cipher() one-shot interface, the applicat... | Not Provided | 2026-06-09 | 2026-06-16 |
| CVE-2026-44699 | | Not Provided | 2026-05-15 | 2026-05-15 |
| CVE-2026-44662 | | Not Provided | 2026-05-14 | 2026-05-14 |
| CVE-2026-44312 | | Not Provided | 2026-05-14 | 2026-05-15 |
| CVE-2026-42771 | Issue summary: When the X509_VERIFY_PARAM_set1_email is called by an application to validate a crafted e-mail address, such a... | Not Provided | 2026-06-09 | 2026-06-16 |
| CVE-2026-42770 | Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, the peer key is not properly checked fo... | Not Provided | 2026-06-09 | 2026-06-16 |
| CVE-2026-42769 | | Not Provided | 2026-06-09 | 2026-06-10 |
| CVE-2026-42768 | Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is ... | Not Provided | 2026-06-09 | 2026-06-16 |
| CVE-2026-42767 | Issue summary: An attacker-controlled CMP (Certificate Management Protocol) server could trigger a NULL pointer dereference i... | Not Provided | 2026-06-09 | 2026-06-16 |
| CVE-2026-42766 | Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryptio... | Not Provided | 2026-06-09 | 2026-06-15 |
| CVE-2026-42765 | Issue summary: When a partial-chain certificate verification is enabled together with OCSP response checking for the whole ch... | Not Provided | 2026-06-09 | 2026-06-15 |
| CVE-2026-42764 | Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QU... | Not Provided | 2026-06-09 | 2026-06-15 |
| CVE-2026-35188 | Issue summary: A malicious server can exploit TLS OCSP stapling by delivering a crafted response through the status_request e... | Not Provided | 2026-06-09 | 2026-06-15 |
| CVE-2026-34183 | Issue summary: Remote peer may exhaust heap memory of the QUIC server or client by flooding it with packets containing PATH_C... | Not Provided | 2026-06-09 | 2026-06-15 |
| CVE-2026-34182 | Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and... | Not Provided | 2026-06-09 | 2026-06-15 |
| CVE-2026-34181 | Issue Summary: The PKCS#12 file processing fails to perform sufficient input validation for files that use Password-Based Mes... | Not Provided | 2026-06-09 | 2026-06-15 |
| CVE-2026-34180 | Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in le... | Not Provided | 2026-06-09 | 2026-06-15 |
Known software with vulnerabilities from OpenSSL
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | OpenSSL | FIPS Object Module | - |
| Application | OpenSSL | OpenSSL | - |