CVE-2026-28390 Overview
CVE-2026-28390 is a Null Pointer Dereference vulnerability in OpenSSL's CMS (Cryptographic Message Syntax) processing functionality. During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo, a NULL pointer dereference can occur when the optional parameters field of the RSA-OAEP SourceFunc algorithm identifier is missing.
Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur, resulting in a Denial of Service condition. This vulnerability specifically affects applications and services that call CMS_decrypt() on untrusted input, such as S/MIME email processing or CMS-based protocols.
Critical Impact
Applications processing untrusted CMS EnvelopedData messages with RSA-OAEP encryption are vulnerable to crash-based denial of service attacks without requiring authentication.
Affected Products
- OpenSSL (versions prior to security patches)
- Applications using CMS_decrypt() on untrusted input
- S/MIME processing services and CMS-based protocol implementations
Discovery Timeline
- April 7, 2026 - CVE-2026-28390 published to NVD
- April 8, 2026 - Last updated in NVD database
Technical Details for CVE-2026-28390
Vulnerability Analysis
This vulnerability exists in OpenSSL's CMS decryption functionality within the rsa_cms_decrypt function located in crypto/cms/cms_rsa.c. When processing a CMS EnvelopedData message that uses KeyTransportRecipientInfo with RSA-OAEP encryption, the code examines the optional parameters field of the RSA-OAEP SourceFunc algorithm identifier without first verifying that the field is present.
The root cause is a missing NULL check before accessing the parameters field. When an attacker crafts a malicious CMS message where this optional field is deliberately omitted, the code attempts to dereference a NULL pointer, causing the application to crash. This crash occurs before any authentication or cryptographic validation takes place, making it trivially exploitable by any attacker who can supply CMS data to a vulnerable application.
The FIPS modules in OpenSSL versions 3.6, 3.5, 3.4, 3.3, and 3.0 are not affected by this issue, as the vulnerable code is outside the OpenSSL FIPS module boundary.
Root Cause
The vulnerability stems from CWE-476 (NULL Pointer Dereference). The rsa_cms_decrypt function in crypto/cms/cms_rsa.c fails to validate that the optional RSA-OAEP parameters field exists before attempting to access it. When processing KeyTransportRecipientInfo structures, the code assumes the presence of algorithm parameters that are actually optional according to the CMS specification.
Attack Vector
An attacker can exploit this vulnerability by sending a specially crafted CMS EnvelopedData message to any application that processes untrusted CMS data. Attack scenarios include:
- Sending malicious S/MIME encrypted emails to mail servers or clients that perform decryption
- Submitting crafted CMS data to web services that process encrypted payloads
- Exploiting CMS-based authentication or key exchange protocols
The attack requires no authentication and can be performed remotely by any attacker capable of delivering CMS data to the target application.
// Security patch in crypto/cms/cms_rsa.c - Fix NULL deref in rsa_cms_decrypt
X509_ALGOR *cmsalg;
int nid;
int rv = -1;
- unsigned char *label = NULL;
+ const unsigned char *label = NULL;
int labellen = 0;
const EVP_MD *mgf1md = NULL, *md = NULL;
RSA_OAEP_PARAMS *oaep;
+ const ASN1_OBJECT *aoid;
+ const void *parameter = NULL;
+ int ptype = 0;
pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
if (pkctx == NULL)
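Review bot: the visible hunk only adds the declarations `const ASN1_OBJECT *aoid;`, `const void *parameter = NULL;` and `int ptype = 0;` and makes `label` const; the NULL check for the absent SourceFunc parameters that the leading comment promises is not among the shown lines, so the excerpt should be extended to the lines that assign and test `ptype` and `parameter` before any dereference, otherwise the fix itself cannot be reviewed from this hunk. Initialising `parameter` to NULL and `ptype` to 0 is only a safe default if every later path tests them before use; a short comment stating the intended invariant (an absent parameters field leaves `ptype` at 0 and `parameter` NULL) would make that explicit for the next reader.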
Source: GitHub OpenSSL Commit #01194a8
Detection Methods for CVE-2026-28390
Indicators of Compromise
- Unexpected application crashes in processes handling CMS or S/MIME data
- Core dumps or crash logs showing NULL pointer dereference in rsa_cms_decrypt or related CMS functions
- Repeated service restarts for mail servers or CMS-processing applications
- Segmentation faults occurring during CMS decryption operations
Detection Strategies
- Monitor application logs for segmentation faults or NULL pointer exceptions in OpenSSL CMS processing functions
- Implement crash monitoring for services that handle S/MIME or CMS-encrypted data
- Deploy network intrusion detection rules to identify malformed CMS EnvelopedData structures with missing RSA-OAEP parameters
- Use application performance monitoring to detect abnormal crash rates in CMS-processing services
Monitoring Recommendations
- Enable core dump collection and analysis for applications using OpenSSL CMS functions
- Configure alerting on repeated crashes of S/MIME or CMS-processing services
- Monitor OpenSSL version inventory across infrastructure to identify unpatched systems
- Implement log aggregation to correlate crash events with incoming CMS data sources
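The log-correlation points above can be exercised directly. The following is an added example, not code from the page or from OpenSSL: it runs over a constructed syslog excerpt (a hypothetical S/MIME daemon named "smimed", not a real product) and flags two signals, kernel segfault records whose fault address falls in the first page (a NULL-based dereference, which is what a missing-parameters crash in libcrypto looks like from the outside) and systemd units that restart repeatedly within a short window. The line formats follow the usual Linux kernel and systemd messages; the window and threshold are assumptions to tune per environment.

```python
"""Crash-pattern detection for CMS/S-MIME services (added example; constructed input)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample syslog excerpt, not captured data: "smimed" crashes three times
# in libcrypto and is restarted by systemd; the final line is an unrelated crash in
# another process that must not be flagged.
SAMPLE_LOG = """\
Apr  8 10:12:01 mx1 kernel: smimed[4412]: segfault at 8 ip 00007f3b1c2d4e10 sp 00007ffd2a1c0b40 error 4 in libcrypto.so.3[7f3b1c180000+2a0000]
Apr  8 10:12:02 mx1 systemd[1]: smimed.service: Main process exited, code=killed, status=11/SEGV
Apr  8 10:12:02 mx1 systemd[1]: smimed.service: Scheduled restart job, restart counter is at 1.
Apr  8 10:12:40 mx1 kernel: smimed[4470]: segfault at 8 ip 00007f3b1c2d4e10 sp 00007ffd2a1c0b40 error 4 in libcrypto.so.3[7f3b1c180000+2a0000]
Apr  8 10:12:41 mx1 systemd[1]: smimed.service: Scheduled restart job, restart counter is at 2.
Apr  8 10:13:15 mx1 kernel: smimed[4521]: segfault at 8 ip 00007f3b1c2d4e10 sp 00007ffd2a1c0b40 error 4 in libcrypto.so.3[7f3b1c180000+2a0000]
Apr  8 10:13:16 mx1 systemd[1]: smimed.service: Scheduled restart job, restart counter is at 3.
Apr  8 11:02:09 mx1 kernel: imgproc[5100]: segfault at 7f9a12345678 ip 00005634a0b1c2d0 sp 00007ffcc0ffee00 error 6 in imgproc[5634a0a00000+80000]
"""

SEGV_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: (?P<proc>[\w.-]+)\[(?P<pid>\d+)\]: "
    r"segfault at (?P<addr>[0-9a-f]+) ip \S+ sp \S+ error \d+ in (?P<lib>[^\[]+)\[")
RESTART_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ systemd\[1\]: (?P<unit>\S+): "
    r"Scheduled restart job, restart counter is at (?P<n>\d+)\.")

NULL_PAGE = 0x1000  # fault addresses below this are NULL plus a small struct-field offset


def _parse_ts(text):
    """Syslog timestamps carry no year; strptime defaults to 1900, which is fine for deltas."""
    return datetime.strptime(" ".join(text.split()), "%b %d %H:%M:%S")


def find_null_deref_crashes(log_text, libs=("libcrypto",)):
    """Return segfault records with a first-page fault address inside one of `libs`."""
    hits = []
    for line in log_text.splitlines():
        m = SEGV_RE.match(line)
        if not m:
            continue
        addr = int(m["addr"], 16)
        if addr < NULL_PAGE and any(m["lib"].startswith(lib) for lib in libs):
            hits.append({"ts": _parse_ts(m["ts"]), "proc": m["proc"],
                         "pid": int(m["pid"]), "addr": addr, "lib": m["lib"]})
    return hits


def restart_bursts(log_text, window=timedelta(minutes=5), threshold=3):
    """Return {unit: count} for units restarted at least `threshold` times within `window`."""
    times = defaultdict(list)
    for line in log_text.splitlines():
        m = RESTART_RE.match(line)
        if m:
            times[m["unit"]].append(_parse_ts(m["ts"]))
    alerts = {}
    for unit, stamps in times.items():
        stamps.sort()
        for i in range(len(stamps)):
            j = i
            while j < len(stamps) and stamps[j] - stamps[i] <= window:
                j += 1
            if j - i >= threshold:
                alerts[unit] = max(alerts.get(unit, 0), j - i)
    return alerts


def summarize(log_text):
    """Combine both signals into human-readable alert strings."""
    alerts = []
    for hit in find_null_deref_crashes(log_text):
        alerts.append(f"NULL-page segfault in {hit['lib']} by {hit['proc']}[{hit['pid']}] "
                      f"at {hit['ts'].strftime('%H:%M:%S')} (fault addr 0x{hit['addr']:x})")
    for unit, n in restart_bursts(log_text).items():
        alerts.append(f"{unit} restarted {n} times within 5 minutes")
    return alerts


if __name__ == "__main__":
    for alert in summarize(SAMPLE_LOG):
        print(alert)
```

The fault-address filter matters: a NULL dereference of a struct member faults at a small offset from zero, not exactly at zero, so matching `segfault at 0` alone would miss it, while matching any address in the first page catches it without sweeping in ordinary wild-pointer crashes like the `imgproc` line.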
How to Mitigate CVE-2026-28390
Immediate Actions Required
- Upgrade OpenSSL to the latest patched version addressing CVE-2026-28390
- Identify all applications and services using CMS_decrypt() on untrusted input
- Prioritize patching for internet-facing S/MIME gateways and CMS-processing services
- Review application architecture to limit exposure of CMS decryption functions to untrusted input
Patch Information
OpenSSL has released security patches to address this vulnerability. Multiple commits have been made across different OpenSSL branches to fix the NULL pointer dereference in rsa_cms_decrypt:
- GitHub OpenSSL Commit #01194a8
- GitHub OpenSSL Commit #2e39b7a
- GitHub OpenSSL Commit #af2a5fe
- GitHub OpenSSL Commit #ea7b4ea
- GitHub OpenSSL Commit #fd2f1a6
For complete details, refer to the OpenSSL Security Advisory April 2026.
Workarounds
- Implement input validation to reject CMS EnvelopedData messages with missing RSA-OAEP parameters before passing to CMS_decrypt()
- Deploy application-level rate limiting to mitigate denial of service impact
- Consider using FIPS-validated OpenSSL modules (3.0, 3.3, 3.4, 3.5, 3.6) which are not affected by this vulnerability
- Isolate CMS processing into sandboxed environments to limit crash impact on critical services
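The first workaround above, and the root-cause description earlier on this page, both come down to one structural check: the optional parameters field of the pSourceFunc AlgorithmIdentifier inside RSAES-OAEP-params must be present before the blob is handed to CMS_decrypt(). The following is an added example, not OpenSSL's code: a small DER walker that performs exactly that check. It assumes the caller has already located the DER-encoded keyEncryptionAlgorithm parameters in the KeyTransRecipientInfo; the structure layout and the name pSourceAlgorithm/pSourceFunc follow RFC 4055, and the sample inputs are constructed fragments of RSAES-OAEP-params, not captured messages.

```python
"""Pre-validation of RSAES-OAEP-params before the blob reaches CMS_decrypt() (added example)."""

# 1.2.840.113549.1.1.9, id-pSpecified: the only pSourceFunc algorithm RFC 4055 defines
ID_PSPECIFIED = bytes.fromhex("2A864886F70D010109")
TAG_SEQUENCE, TAG_OID, TAG_OCTET_STRING = 0x30, 0x06, 0x04
TAG_CTX0, TAG_CTX2 = 0xA0, 0xA2  # EXPLICIT [0] hashAlgorithm, [2] pSourceFunc


def _read_tlv(buf, pos):
    """Parse one DER TLV at buf[pos]; return (tag, value, next_pos).
    Single-byte tags and definite lengths of up to four bytes only."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("indefinite or oversized length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:end], end


def _children(value):
    """Split the content of a constructed TLV into its (tag, value) children."""
    out, pos = [], 0
    while pos < len(value):
        tag, v, pos = _read_tlv(value, pos)
        out.append((tag, v))
    return out


def check_oaep_params(der):
    """Return (accept, reason).

    Rejects malformed DER and rejects a pSourceFunc AlgorithmIdentifier whose
    OPTIONAL parameters field is absent, the shape that CVE-2026-28390 turns into
    a NULL dereference. An absent pSourceFunc element is accepted, since RFC 4055
    defaults it to pSpecifiedEmpty."""
    try:
        tag, seq, end = _read_tlv(der, 0)
        if tag != TAG_SEQUENCE or end != len(der):
            return False, "RSAES-OAEP-params is not a single SEQUENCE"
        for ctag, cval in _children(seq):
            if ctag != TAG_CTX2:
                continue
            inner = _children(cval)
            if len(inner) != 1 or inner[0][0] != TAG_SEQUENCE:
                return False, "pSourceFunc is not an AlgorithmIdentifier"
            fields = _children(inner[0][1])
            if not fields or fields[0][0] != TAG_OID:
                return False, "pSourceFunc AlgorithmIdentifier lacks its OID"
            if fields[0][1] != ID_PSPECIFIED:
                return False, "unsupported pSourceFunc OID"
            if len(fields) < 2:
                return False, "pSourceFunc parameters field is absent"
            if fields[1][0] != TAG_OCTET_STRING:
                return False, "pSpecified parameters are not an OCTET STRING"
            return True, "pSourceFunc carries explicit pSpecified parameters"
        return True, "pSourceFunc absent, DEFAULT pSpecifiedEmpty applies"
    except ValueError as exc:
        return False, f"malformed DER: {exc}"


# --- constructed sample inputs (assembled here, not taken from real traffic) ---
def _tlv(tag, value):
    """Tiny DER encoder for values shorter than 128 bytes."""
    assert len(value) < 128
    return bytes([tag, len(value)]) + value


_OID_SHA256 = bytes.fromhex("608648016503040201")  # 2.16.840.1.101.3.4.2.1
_HASH_SHA256 = _tlv(TAG_CTX0, _tlv(TAG_SEQUENCE, _tlv(TAG_OID, _OID_SHA256)))
_PSRC_OK = _tlv(TAG_CTX2, _tlv(TAG_SEQUENCE,
                               _tlv(TAG_OID, ID_PSPECIFIED) + _tlv(TAG_OCTET_STRING, b"")))
_PSRC_NO_PARAMS = _tlv(TAG_CTX2, _tlv(TAG_SEQUENCE, _tlv(TAG_OID, ID_PSPECIFIED)))

SAMPLE_WELL_FORMED = _tlv(TAG_SEQUENCE, _HASH_SHA256 + _PSRC_OK)
SAMPLE_MISSING_PARAMS = _tlv(TAG_SEQUENCE, _HASH_SHA256 + _PSRC_NO_PARAMS)
SAMPLE_DEFAULTS_ONLY = _tlv(TAG_SEQUENCE, b"")

if __name__ == "__main__":
    for name, blob in [("well-formed", SAMPLE_WELL_FORMED),
                       ("missing-params", SAMPLE_MISSING_PARAMS),
                       ("defaults-only", SAMPLE_DEFAULTS_ONLY)]:
        print(name, check_oaep_params(blob))
```

The check runs on the raw DER before any key is touched, so it can sit in front of CMS_decrypt() in a gateway or be used as a filter rule; it deliberately accepts an entirely absent pSourceFunc, because that case is covered by the DEFAULT in the specification and is not the missing-field shape this CVE describes.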
# Check which OpenSSL build the command-line tool reports (the library an application actually links may differ)
openssl version -a
# Verify whether your application is linked against OpenSSL (CMS lives in libcrypto, so match both libraries)
ldd /path/to/application | grep -i -E 'libssl|libcrypto'
# Look for CMS_decrypt in the application's dynamic symbol table (-D works on stripped binaries, plain nm does not)
nm -D /path/to/application | grep -i cms_decrypt
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.