Out-of-bounds read in OpenSSL's PKCS7 parsing
CVE-2026-5392
Summary
A malicious email message carrying a crafted PKCS7 message can cause OpenSSL to read heap memory outside the buffer it is parsing (an out-of-bounds read). This issue affects OpenSSL's handling of certain types of encrypted emails. To protect your system, update to the latest version of OpenSSL.
Original title
Heap out-of-bounds read in PKCS7 parsing. A crafted PKCS7 message can trigger an OOB read on the heap. The missing bounds check is in the indefinite-length end-of-content verification loop in PKCS7...
Original description
Heap out-of-bounds read in PKCS7 parsing. A crafted PKCS7 message can trigger an OOB read on the heap. The missing bounds check is in the indefinite-length end-of-content verification loop in PKCS7_VerifySignedData().
NVD CVSS 4.0
2.3
Vulnerability type
CWE-125
Out-of-bounds Read
Published: 10 Apr 2026 · Updated: 10 Apr 2026 · First seen: 10 Apr 2026