IBM opencryptoki update fixes critical security risk on IBM crypto cards

RLSA-2026:5587
Summary

IBM has released a security update for its opencryptoki software, which is used with IBM crypto cards and software tokens. This update fixes a critical vulnerability (CVE-2026-23893, privilege escalation or data exposure via symlink following) that could allow an attacker to gain elevated access to sensitive data or even take control of the system. We recommend installing the update as soon as possible to protect your crypto cards and data.

What to do
  • Update opencryptoki to version 0:3.22.0-3.el8_10.2.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | opencryptoki | <= 0:3.22.0-3.el8_10.2 | 0:3.22.0-3.el8_10.2 |
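To check a fleet against the fixed build listed above, the following added example (not part of the advisory or of the openCryptoki project) compares installed epoch:version-release strings with `0:3.22.0-3.el8_10.2` and reports hosts running an older build. It assumes a simplified rpm-style comparison that ignores `~` and `^`; the host names and installed versions are constructed sample data.

```python
import re
from itertools import zip_longest

FIXED_EVR = "0:3.22.0-3.el8_10.2"  # fixed build named in this advisory

def parse_evr(evr):
    """Split 'epoch:version-release'; a missing epoch counts as 0."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return int(epoch or 0), version, release

def vercmp(a, b):
    """Simplified rpm-style comparison (-1, 0, 1); '~' and '^' are not handled."""
    seg = lambda s: re.findall(r"[0-9]+|[A-Za-z]+", s)  # separators only split runs
    for x, y in zip_longest(seg(a), seg(b)):
        if x is None or y is None:
            return -1 if x is None else 1   # the string with segments left is newer
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return 0

def evr_cmp(a, b):
    """Compare epoch first, then version, then release."""
    (ea, va, ra), (eb, vb, rb) = parse_evr(a), parse_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return vercmp(va, vb) or vercmp(ra, rb)

def needs_update(installed, fixed=FIXED_EVR):
    return evr_cmp(installed, fixed) < 0

def audit(inventory):
    """Return the hosts whose opencryptoki build predates the fixed one."""
    return sorted(h for h, evr in inventory.items() if needs_update(evr))

# Constructed inventory (hypothetical hosts), e.g. gathered per host with
#   rpm -q --qf '%{EPOCHNUM}:%{VERSION}-%{RELEASE}\n' opencryptoki
SAMPLE = {
    "hsm-gw-01": "0:3.22.0-3.el8_10.2",
    "hsm-gw-02": "0:3.22.0-3.el8_10",
    "hsm-gw-03": "0:3.21.0-9.el8",
    "hsm-gw-04": "3.22.0-3.el8_10.1",
}

if __name__ == "__main__":
    for host in audit(SAMPLE):
        print(f"{host}: {SAMPLE[host]} is older than {FIXED_EVR}, update required")
```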
Original title
Moderate: opencryptoki security update
Original description
The opencryptoki packages contain version 2.11 of the PKCS#11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These packages include support for the IBM 4758 Cryptographic CoProcessor (with the PKCS#11 firmware loaded), the IBM eServer Cryptographic Accelerator (FC 4960 on IBM eServer System p), the IBM Crypto Express2 (FC 0863 or FC 0870 on IBM System z), and the IBM CP Assist for Cryptographic Function (FC 3863 on IBM System z). The opencryptoki packages also bring a software token implementation that can be used without any cryptographic hardware. These packages contain the Slot Daemon (pkcsslotd) and general utilities.

Security Fix(es):

* openCryptoki: openCryptoki: Privilege Escalation or Data Exposure via Symlink Following (CVE-2026-23893)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
osv CVSS3.1 6.8
Published: 7 Apr 2026 · Updated: 7 Apr 2026 · First seen: 7 Apr 2026