Skip to main content
Live Webinar with SANS (June 25)— Agentic CTI Automation for Fun & ProfitRegister Free
Mallory
Back to vulnerabilities
High

Incorrect Failure Handling in OpenSSL RSA KEM RSASVE Encapsulation

IdentifiersCVE-2026-31790CWE-252

CVE-2026-31790 is an OpenSSL vulnerability in RSA KEM RSASVE encapsulation. Applications using EVP_PKEY_encapsulate() with RSA/RSASVE can disclose stale or uninitialized contents of a caller-provided ciphertext buffer to a malicious peer when encapsulation is attempted with an attacker-supplied invalid RSA public key that has not been validated first. The root cause is incorrect failure handling around RSA_public_encrypt(): the affected code checks only whether the return value is non-zero, even though RSA_public_encrypt() returns the number of bytes written on success and -1 on error. Because -1 is non-zero, an encryption failure can be misinterpreted as success, output lengths can be set, and the caller may transmit buffer contents as though a valid KEM ciphertext had been produced. The issue affects OpenSSL 3.0, 3.3, 3.4, 3.5, and 3.6, and the corresponding FIPS modules in 3.0, 3.1, 3.3, 3.4, 3.5, and 3.6 are also affected.

Share:
For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial
ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can cause disclosure of sensitive process memory contents to an attacker. The leaked data may consist of stale or uninitialized bytes remaining in the application-provided ciphertext buffer, potentially including sensitive data from earlier execution within the same process. The primary security consequence is information disclosure to a malicious peer during RSA KEM encapsulation; the provided content does not indicate code execution or privilege escalation.

Mitigation

If you can’t patch tonight, do this now.

As a workaround, validate RSA public keys before calling EVP_PKEY_encapsulate() by using EVP_PKEY_public_check() or EVP_PKEY_public_check_quick(). More generally, avoid performing RSASVE encapsulation on attacker-supplied or otherwise untrusted RSA public keys unless they have been explicitly validated first.

Remediation

Patch, then assume compromise.

Upgrade OpenSSL to a fixed release for the affected branch. The provided content identifies OpenSSL 3.6.2, 3.5.6, 3.4.5, 3.3.7, and 3.0.20 as releases that fix CVE-2026-31790. Where applicable, consume vendor-packaged updates that incorporate these fixes. Affected FIPS-capable deployments should also update to builds containing the corrected FIPS module for the relevant branch.
PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType
OpenSSL Software FoundationOpensslapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

23 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

23 SOURCESView more in app
alpinelinuxNews
Apr 15, 2026
Alpine Linue stable releases 3.20.10, 3.21.7, 3.22.4, 3.23.4 | Alpine Linux

A specific vulnerability in OpenSSL addressed in Alpine Linux stable releases 3.20.10, 3.21.7, 3.22.4, and 3.23.4.

Read more
help net securityNews
Apr 8, 2026
OpenSSL 3.6.2 lands with eight CVE fixes - Help Net Security

Incorrect failure handling in RSA KEM RSASVE encapsulation in OpenSSL.

Read more
cyberthroneNews
Apr 8, 2026
OpenSSL 3.6.2: The Moderate Severity Wave - TheCyberThrone

Incorrect failure handling in RSA KEM RSASVE encapsulation that could leave encapsulation in an inconsistent state.

Read more
openssl libraryNews
Apr 7, 2026
OpenSSL Release Announcement for 3.6.2, 3.5.6, 3.4.5, 3.3.7, 3.0.20, 1.1.1zg and 1.0.2zp | OpenSSL Library

Incorrect failure handling in RSA KEM RSASVE encapsulation in OpenSSL.

Read more
+1 more in the timeline
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Start free trial
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity17

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2026-31790
NVD
nvd.nist.gov/vuln/detail/CVE-2026-31790
MITRE CWE · CWE-252
cwe.mitre.org
Patch
github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac
Patch
github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482
Patch
github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406
Patch
github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790
Patch
github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e
Vendor Advisory
openssl-library.org/news/secadv/20260407.txt
cert-portal.siemens.com
cert-portal.siemens.com/productcert/html/ssa-032379.html