High

Out-of-bounds read in OpenSSL CMS password-based decryption

IdentifiersCVE-2026-9076CWE-125· Out-of-bounds Read

CVE-2026-9076 is a low-severity heap out-of-bounds read in OpenSSL's CMS password-based decryption path for RFC 3211 / PWRI key unwrap processing. When OpenSSL processes attacker-supplied CMS data, the attacker can choose the KEK cipher via the PWRI keyEncryptionAlgorithm OID. The vulnerable unwrap logic in kek_unwrap_key() performs the RFC-mandated check-byte test by reading 7 bytes from a heap allocation sized from the wrapped-key length in the message. Although a minimum-length guard exists, it is based on the wrapping cipher block length and is ineffective if the attacker selects a stream-mode cipher rather than a block cipher. In that case, the allocated buffer for the unwrapped key may be too small to contain the expected check bytes, leading to a heap buffer over-read during the unwrap attempt. The issue affects applications that call CMS_decrypt() or CMS_decrypt_set1_password(), including equivalent openssl cms -decrypt -pwri_password usage, on untrusted CMS input. The over-read occurs before password authentication succeeds, so no password knowledge is required to trigger it. The OpenSSL FIPS modules are not affected.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can cause a process crash and resulting denial of service if the small heap over-read crosses into unmapped memory, such as when the buffer ends at a page boundary and the following page is unmapped. The advisory states there is no information disclosure because the over-read bytes are not returned or otherwise exposed to the attacker. The practical impact is therefore limited to availability loss rather than confidentiality or integrity compromise.

Mitigation

If you can’t patch tonight, do this now.

Do not process untrusted CMS password-based encrypted content through CMS_decrypt() or CMS_decrypt_set1_password() until patched. Reject or strictly gate untrusted CMS inputs, especially PWRI-based encrypted CMS objects where the attacker controls the keyEncryptionAlgorithm OID. Where operationally feasible, avoid the affected password-based CMS decryption path or use unaffected FIPS module deployments, noting that the FIPS modules are not impacted by this issue.

Remediation

Patch, then assume compromise.

Upgrade OpenSSL to a vendor-fixed release that includes the June 9, 2026 security advisory fixes. The provided context indicates fixes were issued in supported branches including OpenSSL 4.0.1, 3.6.3, 3.5.7, 3.4.6, 3.0.21, 1.1.1zh, and 1.0.2zq, and downstream vendors such as Alpine, Debian, FreeBSD, and Microsoft have published corresponding updates. Apply the appropriate package or base-system update for the affected platform and restart dependent services or reboot if required by the vendor.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

FreebsdFreebsdapplication

OpenSSL Software FoundationOpensslapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

26 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

26 SOURCESView more in app

alpinelinuxNews

Jun 21, 2026

Alpine 3.22.5, 3.23.5 released | Alpine Linux

An OpenSSL vulnerability addressed in Alpine Linux 3.22.5 and 3.23.5 as part of the June 9, 2026 OpenSSL advisory.

alpinelinuxNews

Jun 13, 2026

Alpine 3.24.1 released | Alpine Linux

An OpenSSL vulnerability addressed in Alpine Linux 3.24.1 as part of the June 9, 2026 advisory.

openssl libraryNews

Jun 9, 2026

Vulnerabilities 4.0 | OpenSSL Library

A low-severity OpenSSL heap out-of-bounds read in CMS password-based decryption where attacker-controlled cipher selection can bypass length assumptions during PWRI key unwrap, potentially causing denial of service.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity19

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2026-9076

NVD

nvd.nist.gov/vuln/detail/CVE-2026-9076

MITRE CWE · CWE-125

Out-of-bounds Read

Patch

github.com/openssl/openssl/commit/05b066366842f930fadd9a6e94df98030af431bb

Patch

github.com/openssl/openssl/commit/3d8d5bc1056b2f62da9fede23fedbf47e85187b0

Patch

github.com/openssl/openssl/commit/715349a1d7c6db970e6815dafb90915f07307f98

Patch

github.com/openssl/openssl/commit/77bf00ab13f6ff5e516535432f0328ed70ec0c26

Patch

github.com/openssl/openssl/commit/eecbe330977e8d023aae1ca2d9bdbe983ef3fdc6

Vendor Advisory

openssl-library.org/news/secadv/20260609.txt