CVE-2026-42766 Overview
CVE-2026-42766 is a NULL pointer dereference vulnerability [CWE-476] in the OpenSSL Cryptographic Message Syntax (CMS) implementation. The flaw resides in the password-based CMS decryption path. The PasswordRecipientInfo.keyDerivationAlgorithm field is marked OPTIONAL in the ASN.1 specification, yet the OpenSSL CMS code dereferences this field without verifying its presence. An attacker who supplies a specially crafted password-encrypted CMS message to an application performing password-based CMS decryption can trigger an application crash, resulting in Denial of Service.
Critical Impact
Remote attackers can crash applications that decrypt password-encrypted CMS messages by supplying input that omits the optional keyDerivationAlgorithm field, leading to Denial of Service.
Affected Products
- OpenSSL implementations exposing password-based CMS decryption (non-FIPS code paths)
- Applications processing password-encrypted CMS messages via OpenSSL
- Note: FIPS modules in OpenSSL 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected, as the vulnerable code lies outside the FIPS module boundary
Discovery Timeline
- 2026-06-09 - OpenSSL publishes the OpenSSL Security Advisory
- 2026-06-09 - CVE-2026-42766 published to NVD
- 2026-06-10 - Last updated in NVD database
Technical Details for CVE-2026-42766
Vulnerability Analysis
The vulnerability sits in OpenSSL's CMS implementation when handling password-encrypted content. CMS supports several recipient information structures, and PasswordRecipientInfo enables encryption of content under a password-derived key. Inside this structure, the keyDerivationAlgorithm field is defined as OPTIONAL in the ASN.1 schema, meaning a valid encoded message may omit it entirely.
The OpenSSL CMS decryption logic assumes this field is always populated. When the routine receives a parsed PasswordRecipientInfo lacking keyDerivationAlgorithm, it accesses the absent field directly. The dereference of the resulting NULL pointer terminates the process. Any application invoking password-based CMS decryption on attacker-controlled input is exposed.
Root Cause
The root cause is a missing presence check before dereferencing an OPTIONAL ASN.1 field [CWE-476]. The CMS decryption path treats PasswordRecipientInfo.keyDerivationAlgorithm as mandatory in code while the specification permits absence, producing a contract mismatch between parser output and consumer expectations.
Attack Vector
Exploitation requires the attacker to supply a crafted CMS blob to a target application that performs password-based CMS decryption. The vector is network-reachable wherever the application accepts CMS messages from untrusted sources, such as email gateways, document processing services, or file ingestion pipelines. No authentication or user interaction is required, but attack complexity is elevated because the attacker must reach a code path that calls password-based CMS decryption with attacker-controlled bytes.
The vulnerability mechanism is described in detail in the OpenSSL Security Advisory and the upstream fixes in GitHub OpenSSL Commit 056d06c1 and GitHub OpenSSL Commit 12bc26ff.
Detection Methods for CVE-2026-42766
Indicators of Compromise
- Unexpected crashes or segmentation faults in processes linking against OpenSSL while parsing CMS data
- Repeated termination of services that ingest S/MIME, CMS, or PKCS#7 password-encrypted payloads
- Core dumps with stack frames inside OpenSSL CMS password-recipient decryption routines
Detection Strategies
- Inventory binaries linked against vulnerable OpenSSL versions and flag those invoking CMS password-based decryption APIs
- Inspect ingress channels (mail, file upload, API endpoints) for CMS messages with PasswordRecipientInfo structures missing the keyDerivationAlgorithm field
- Correlate process crash events with preceding receipt of CMS-formatted input to identify exploitation attempts
Monitoring Recommendations
- Enable crash reporting and core dump collection on services that perform CMS decryption
- Monitor for abnormal restart loops on daemons handling encrypted message ingestion
- Alert on parsing errors and unhandled exceptions emitted by OpenSSL CMS routines in application logs
How to Mitigate CVE-2026-42766
Immediate Actions Required
- Identify all systems and applications that perform password-based CMS decryption using OpenSSL
- Apply the official OpenSSL patches referenced in the security advisory as soon as updated packages are available from your distribution
- Restrict exposure of CMS decryption endpoints to trusted senders until patching is complete
Patch Information
OpenSSL has merged fixes that validate the presence of PasswordRecipientInfo.keyDerivationAlgorithm before dereference. The relevant upstream commits are 056d06c1, 12bc26ff, 3ff64913, ab52d88c, and da26f368. Refer to the OpenSSL Security Advisory for version-specific guidance.
Workarounds
- Disable password-based CMS decryption where the workflow does not require it, preferring certificate-based recipient info instead
- Pre-validate inbound CMS messages with a hardened parser that rejects PasswordRecipientInfo structures missing required algorithm identifiers
- Run CMS-processing services under supervisors that contain crashes and rate-limit restarts to reduce the operational impact of attempted exploitation
# Verify the installed OpenSSL version and check for password-based CMS usage
openssl version -a
# Audit binaries linked against libcrypto for CMS symbol usage
ldd /path/to/application | grep -i crypto
nm -D /path/to/application 2>/dev/null | grep -i 'CMS_decrypt\|PasswordRecipientInfo'
# Update OpenSSL via the system package manager once the vendor ships fixed packages
# Debian/Ubuntu
sudo apt update && sudo apt install --only-upgrade openssl libssl3
# RHEL/Rocky/Alma
sudo dnf update openssl openssl-libs
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
