Severity: Unknown
Affected Package: openssl
Summary: NULL dereference processing CMS KeyTransportRecipientInfo
Processing a crafted CMS EnvelopedData message with KeyTransportRecipientInfo can trigger a NULL pointer dereference. Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations, resulting in Denial of Service. Severity: Low (OpenSSL).
No specific recommendations provided.
Aliases: CVE-2026-28390
Published: June 11, 2026
Last Modified: June 11, 2026