CVE-2026-42770

🗓️ 09 Jun 2026 16:03:29Reported by opensslType

DHX X9.42 peer validation uses attacker-supplied q, enabling small-subgroup attack to recover private key.

Reporter	Title	Published	Views	Family All 9
Cvelist	CVE-2026-42770 FFC-DH Peer Validation Uses Attacker-Supplied q	9 Jun 202616:03	–	cvelist
Debian CVE	CVE-2026-42770	9 Jun 202616:03	–	debiancve
EUVD	EUVD-2026-35487	9 Jun 202618:30	–	euvd
NVD	CVE-2026-42770	9 Jun 202617:17	–	nvd
OSV	DEBIAN-CVE-2026-42770	9 Jun 202619:47	–	osv
OSV	UBUNTU-CVE-2026-42770	9 Jun 202600:00	–	osv
Positive Technologies	PT-2026-47840	9 Jun 202600:00	–	ptsecurity
Ubuntu	USN-8414-1: OpenSSL vulnerabilities	9 Jun 202617:14	–	ubuntu
Vulnrichment	CVE-2026-42770 FFC-DH Peer Validation Uses Attacker-Supplied q	9 Jun 202616:03	–	vulnrichment

Vulners

Node

openssl opensslRange4.0.0–4.0.1

openssl opensslRange3.6.0–3.6.3

openssl opensslRange3.5.0–3.5.7

openssl opensslRange3.4.0–3.4.6

openssl opensslRange3.0.0–3.0.21

[
  {
    "defaultStatus": "unaffected",
    "product": "OpenSSL",
    "vendor": "OpenSSL",
    "versions": [
      {
        "lessThan": "4.0.1",
        "status": "affected",
        "version": "4.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "3.6.3",
        "status": "affected",
        "version": "3.6.0",
        "versionType": "semver"
      },
      {
        "lessThan": "3.5.7",
        "status": "affected",
        "version": "3.5.0",
        "versionType": "semver"
      },
      {
        "lessThan": "3.4.6",
        "status": "affected",
        "version": "3.4.0",
        "versionType": "semver"
      },
      {
        "lessThan": "3.0.21",
        "status": "affected",
        "version": "3.0.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
github	www.github.com/openssl/security/commit/3ddbb7ab50bd93dfc59cbe08e269a67605aeebdb
openssl-library	www.openssl-library.org/news/secadv/20260609.txt
github	www.github.com/openssl/security/commit/ca2237ab5615641b662183b077f62c08d75e8070
github	www.github.com/openssl/security/commit/5f452bba2c681423d8fcffd120a19b757ee42e3c
github	www.github.com/openssl/security/commit/7fbfde7677ed8808828bf00ff01c937ca04bdda2
github	www.github.com/openssl/security/commit/3da5a516cd2635a320ff748503db2cef7c4b0f02

09 Jun 2026 21:17Current

5.4Medium risk

Vulners AI Score5.4

CVSS 3.13.7

SSVC

CWE-325