CVE-2026-22795 · threatengine.sh

Home/CVE/Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file.

CVE

CVE-2026-22795

Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file.

Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type confusion vulnerability exists in PKCS#12 parsing code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid pointer read.

The location is constrained to a 1-byte address space, meaning any attempted pointer manipulation can only target addresses between 0x00 and 0xFF. This range corresponds to the zero page, which is unmapped on most modern operating systems and will reliably result in a crash, leading only to a Denial of Service. Exploiting this issue also requires a user or application to process a maliciously crafted PKCS#12 file.

It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For these reasons, the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS12 implementation is outside the OpenSSL FIPS module boundary.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.

MEDIUM · CVSS 5.5 EPSS 0.00048

Monitor

No active-exploitation, high-EPSS, or public-exploit signals - routine patching cadence

Sigma rules0 YARA rules0

⬡

Weakness Classification

CWE-754Improper Check for Unusual or Exceptional Conditions

▤

Affected Products & Versions

6

openssl>= 1.1.1 and < 1.1.1ze
openssl>= 3.0.0 and < 3.0.19
openssl>= 3.3.0 and < 3.3.6
openssl>= 3.4.0 and < 3.4.4
openssl>= 3.5.0 and < 3.5.5
openssl>= 3.6.0 and < 3.6.1

▣

Scoring & Timeline

5.5

MEDIUM · CVSS v3.1 · openssl-security@openssl.org

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD27 Jan 2026 · 04:16 PM

CVSS VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

SSVC triage · cisa-vulnrichment

Exploitation

none

Automatable

no

Technical impact

partial

SSVC asks the questions that actually drive patch urgency: is it being exploited, can attacks be automated, and how total is the impact.

⚑

Vendor Advisories

29

rhsaRHSA-2026:7261Moderate
suse-csafopenSUSE-SU-2026:10237-1
suse-csafSUSE-SU-2026:20373-1
rhsaRHSA-2026:4943Important
suse-csafSUSE-SU-2026:20349-1
Show all 29 vendor advisoriessuse-csafopenSUSE-SU-2026:20152-1
suse-csafSUSE-SU-2026:0358-1
suse-csafSUSE-SU-2026:0359-1
suse-csafSUSE-SU-2026:0360-1
suse-csafSUSE-SU-2026:20211-1
suse-csafSUSE-SU-2026:20223-1
suse-csafSUSE-SU-2026:0346-1
suse-csafSUSE-SU-2026:0343-1
suse-csafSUSE-SU-2026:0309-1
suse-csafSUSE-SU-2026:0310-1
suse-csafSUSE-SU-2026:0311-1
suse-csafSUSE-SU-2026:0312-1
suse-csafSUSE-SU-2026:0331-1
usnUSN-7980-2
usnUSN-7980-1
rhsaRHSA-2026:3228Important
rhsaRHSA-2026:1736Important
rhsaRHSA-2026:2563Important
rhsaRHSA-2026:1473Important
rhsaRHSA-2026:2485Important
rhsaRHSA-2026:1472Important
siemens-csafSSA-265688
oracle-cpuoracle-cpu-MySQL-Connectors-8576--CVE-2026-22795
cisa-csafcisa-csaf-csaf_files-OT-white-2024-icsa-24-102-01

🔗

References & Sources

7

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4Patch

https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49Patch

https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12Patch

https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373ePatch

https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2Patch

https://openssl-library.org/news/secadv/20260127.txtVendor Advisory

Show all 7 references

https://cert-portal.siemens.com/productcert/html/ssa-265688.html

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin