CVE-2026-9076

HIGH

CVSS v3.1: 7.5

NetworkNo privilegesNo user interactionOut-of-bounds ReadVendor advisory ref

Source data as of:

At a glance

Severity
HIGH
CVSS
7.5 v3.1 · NVD
EPSS
EPSS not provided by FIRST.org for this CVE
CISA KEV
No
Type
Out-of-bounds Read · NVD CWE
Attack conditions (CVSS vector)
NetworkNo privilegesNo user interaction · Source: NVD Vector
Published
2026-06-09 · Modified: 2026-06-09
References
Jump to references (6)

CVSS / EPSS / KEV

CVSS v3.1 7.5 / 10 HIGH Source: NVD
EPSS EPSS not provided by FIRST.org for this CVE Source: FIRST.org
CISA KEV No Source: CISA

Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources

Description

Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key unwrap) processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can trigger a heap out-of-bounds read in kek_unwrap_key(). Impact summary: A heap buffer over-read may trigger a crash which leads to Denial of Service for an application if the input buffer ends at a memory page boundary and the following page is unmapped. There is no information disclosure as the over-read bytes are not revealed to the attacker. The key unwrapping function performs a check-byte test as specified in the RFC that reads 7 bytes from a heap allocation that is based on the wrapped key length from the message. There is a minimum length check based on the block length of the wrapping cipher. However the cipher is selected from an OID carried in the attacker's PWRI keyEncryptionAlgorithm with no requirement that the cipher be a block cipher. When an attacker selects a stream-mode cipher the guard will be ineffective and the allocated buffer containing the unwrapped key can be too small to fit the check-bytes specified in the RFC and a buffer over-read can happen. Applications calling CMS_decrypt() or CMS_decrypt_set1_password() (equivalently openssl cms -decrypt -pwri_password ...) on untrusted CMS data are vulnerable to this issue. No password knowledge is required: the over-read happens during the unwrap attempt before any authentication succeeds. The over-read is limited to a few bytes and is not written to output, so there is no information disclosure. Triggering a crash requires the allocation to border unmapped memory, which is unlikely with the normal allocator. The FIPS modules are not affected by this issue.

Record details

CVE ID
CVE-2026-9076
CVSS (v3.1)
7.5 (HIGH)
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability subscore
3.9
Impact subscore
3.6
CISA KEV
No
Weakness (CWE)
CWE-125
Affected configurations (CPE)
0
Published
2026-06-09
Modified
2026-06-09
Status
Awaiting Analysis

References

Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.

Related records

Other records sharing a factual facet, for cross-reference. A descriptive neighbourhood — ordering does not imply priority and is not a recommendation.

Same weakness type (CWE)

CVE-2026-46155 CRITICAL CVSS 9.1 CVE-2026-10941 HIGH CVSS 8.8 CVE-2026-11191 HIGH CVSS 8.8 CVE-2026-11645 HIGH CVSS 8.8 KEV

Published the same year

CVE-2026-10520 CRITICAL CVSS 10.0 CVE-2026-11429 CRITICAL CVSS 10.0 CVE-2026-47938 CRITICAL CVSS 10.0 CVE-2026-48303 CRITICAL CVSS 10.0
← Back to all records