CVE-2026-9076

🗓️ 09 Jun 2026 16:03:16Reported by opensslType

CMS password-based decryption may read beyond heap when a stream cipher is used, causing denial.

Reporter	Title	Published	Views	Family All 7
Cvelist	CVE-2026-9076 Out-of-Bounds Read in CMS Password-Based Decryption	9 Jun 202616:03	–	cvelist
Debian CVE	CVE-2026-9076	9 Jun 202616:03	–	debiancve
EUVD	EUVD-2026-35475	9 Jun 202618:31	–	euvd
NVD	CVE-2026-9076	9 Jun 202617:17	–	nvd
OSV	DEBIAN-CVE-2026-9076	9 Jun 202619:48	–	osv
Positive Technologies	PT-2026-47856	9 Jun 202600:00	–	ptsecurity
Ubuntu	USN-8414-2: OpenSSL vulnerabilities	9 Jun 202618:29	–	ubuntu

Vulners

Node

openssl opensslRange4.0.0–4.0.1

openssl opensslRange3.6.0–3.6.3

openssl opensslRange3.5.0–3.5.7

openssl opensslRange3.4.0–3.4.6

openssl opensslRange3.0.0–3.0.21

openssl opensslRange1.1.1–1.1.1zh

openssl opensslRange1.0.2–1.0.2zq

[
  {
    "defaultStatus": "unaffected",
    "product": "OpenSSL",
    "vendor": "OpenSSL",
    "versions": [
      {
        "lessThan": "4.0.1",
        "status": "affected",
        "version": "4.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "3.6.3",
        "status": "affected",
        "version": "3.6.0",
        "versionType": "semver"
      },
      {
        "lessThan": "3.5.7",
        "status": "affected",
        "version": "3.5.0",
        "versionType": "semver"
      },
      {
        "lessThan": "3.4.6",
        "status": "affected",
        "version": "3.4.0",
        "versionType": "semver"
      },
      {
        "lessThan": "3.0.21",
        "status": "affected",
        "version": "3.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "1.1.1zh",
        "status": "affected",
        "version": "1.1.1",
        "versionType": "custom"
      },
      {
        "lessThan": "1.0.2zq",
        "status": "affected",
        "version": "1.0.2",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
github	www.github.com/openssl/security/commit/715349a1d7c6db970e6815dafb90915f07307f98
github	www.github.com/openssl/security/commit/eecbe330977e8d023aae1ca2d9bdbe983ef3fdc6
github	www.github.com/openssl/security/commit/77bf00ab13f6ff5e516535432f0328ed70ec0c26
github	www.github.com/openssl/security/commit/3d8d5bc1056b2f62da9fede23fedbf47e85187b0
openssl-library	www.openssl-library.org/news/secadv/20260609.txt
github	www.github.com/openssl/security/commit/05b066366842f930fadd9a6e94df98030af431bb

09 Jun 2026 20:17Current

5.7Medium risk

Vulners AI Score5.7

CVSS 3.17.5

CWE-125