CVE-2026-22795

5.5 MEDIUM

📋 TL;DR

This CVE describes a type confusion in OpenSSL's PKCS#12 parsing code: a malformed PKCS#12 file can make the parser dereference a NULL or otherwise invalid pointer. The attacker-influenced pointer is confined to the zero page (addresses 0x00-0xFF), which is unmapped on modern operating systems, so the realistic outcome is a crash (Denial of Service) rather than code execution. Affected release series: OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1.

💻 Affected Systems

Products:
  • OpenSSL
Versions: 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1
Operating Systems: All operating systems using affected OpenSSL versions
Default Config Vulnerable: ⚠️ Yes
Notes: OpenSSL 1.0.2 and the FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected. PKCS#12 files normally hold an operator's own private keys and certificates, so applications rarely parse untrusted ones, which reduces exposure.

📦 What is this software?

Openssl by Openssl

OpenSSL is a robust, commercial-grade toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It provides cryptographic functions and is one of the most widely used libraries for implementing secure communications in applications worldwide.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Application crash leading to Denial of Service when processing a malicious PKCS#12 file.

🟠

Likely Case

Application crash if processing untrusted PKCS#12 files, though this is uncommon as PKCS#12 files typically contain trusted private keys.

🟢

If Mitigated

No impact if applications don't process untrusted PKCS#12 files or if patched.

🌐 Internet-Facing: LOW (an attacker must get a crafted PKCS#12 file parsed by the target; ordinary TLS connections do not carry PKCS#12 data, so exposure is limited to services that accept uploaded keystores, such as certificate import endpoints)
🏢 Internal Only: LOW (requires an operator or automation to import an attacker-supplied PKCS#12 file; the impact is a crash of the importing process)

🎯 Exploit Status

Public PoC: No
Weaponized: No
Unauthenticated Exploit: No
Complexity: HIGH

Exploitation requires the user or application to parse an attacker-supplied PKCS#12 file, and the corrupted pointer is confined to the zero page (0x00-0xFF), which is unmapped on modern operating systems; the dereference therefore faults immediately, limiting the impact to DoS.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check OpenSSL security advisories for specific patched versions

Vendor Advisory: https://www.openssl.org/news/secadv/

Restart Required: Yes

Instructions:

1. Identify the OpenSSL version in use ('openssl version' for the system library; statically linked or vendored copies in containers, language runtimes and appliances must be checked separately through those products).
2. Update to the patched release of your series named in the OpenSSL security advisory.
3. Restart every service that loaded the old library; a running process keeps the vulnerable code mapped until it is restarted.

🔧 Temporary Workarounds

Restrict PKCS#12 file processing (all platforms)

Avoid parsing untrusted PKCS#12 files in applications; accept keystores only from trusted operators and channels.

🧯 If You Can't Patch

  • Strict input validation is of limited help here: the defect is in the parser itself, so any pre-check that fully decodes the file runs the same code. Prefer sanity checks done with a patched parser, or parse in an isolated, disposable process so a crash cannot take the main service down.
  • Monitor and restrict applications that accept PKCS#12 files from untrusted sources (certificate import endpoints, keystore upload features), and limit who may supply them.
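The isolation approach described above, as an added example written for this page rather than taken from OpenSSL or the advisory. The run_isolated helper is generic; the probe_pkcs12 wrapper and its openssl CLI invocation are an illustration of how a service might pre-screen an uploaded keystore, and whether that probe reaches the code path fixed for this CVE is not something this page establishes.

```shell
#!/bin/sh
# Added example: contain a crashing parser in a disposable child process.
# This is not OpenSSL project code; the openssl CLI probe below is an
# illustration of the pattern, not a detector for this specific CVE.

# run_isolated <timeout_seconds> <command> [args...]
# Prints exactly one line:  ok | rejected (exit N) | crashed (signal N) | timeout
# The shell reports a child killed by a signal as 128+signo, so a SIGSEGV
# from a NULL/zero-page dereference appears as exit status 139.
run_isolated() {
  secs=$1; shift
  rc=0
  if command -v timeout >/dev/null 2>&1; then
    # GNU timeout(1): 124 on deadline, 128+signo if the command died from a
    # signal, otherwise the command's own exit status.
    timeout "$secs" "$@" >/dev/null 2>&1 || rc=$?
  else
    "$@" >/dev/null 2>&1 || rc=$?      # no timeout(1) available: no deadline
  fi
  if   [ "$rc" -eq 0 ];   then echo ok
  elif [ "$rc" -eq 124 ]; then echo timeout
  elif [ "$rc" -eq 127 ]; then echo "rejected (exit 127: command not found)"
  elif [ "$rc" -ge 129 ]; then echo "crashed (signal $((rc - 128)))"
  else                         echo "rejected (exit $rc)"
  fi
}

# Illustration (assumption, not from the page): pre-screen an uploaded .p12
# before the real service touches it. "-noout" suppresses output and
# "-passin pass:" supplies an empty password so the probe never blocks on a
# terminal; a well-formed file protected by a real password is therefore
# reported as "rejected" (MAC verify failure), not "ok". What matters for
# containment is the crashed/not-crashed distinction, which the caller can
# log and alert on while the main process keeps running.
probe_pkcs12() {
  run_isolated 5 openssl pkcs12 -info -noout -passin pass: -in "$1"
}

if [ "${1:-}" != "" ]; then
  echo "$1: $(probe_pkcs12 "$1")"
fi
```

Run it as 'sh probe.sh suspicious.p12'. The verdict line is what you log: a "crashed (signal 11)" from a keystore upload is exactly the indicator the detection section below asks for, and the service that called the probe is still up.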

🔍 How to Verify

Check if Vulnerable:

Run 'openssl version' and compare the reported release series (3.6, 3.5, 3.4, 3.3, 3.0 or 1.1.1) against the affected list. A series match is not by itself a finding: the fixed releases belong to these same series, so the patch level must be compared against the OpenSSL advisory. The CLI reports only the library it links; services may load a different libcrypto, or a statically linked or vendored copy, which must be checked separately.

Check Version:

openssl version

Verify Fix Applied:

Confirm that the reported version is the patched release of its series named in the OpenSSL advisory, and that every service has been restarted since the update. Do not treat 1.0.2 as a remediation target: it is listed as unaffected, but it has been end-of-life since 2019 and receives no public security fixes.
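A version triage helper for the procedure above, added here as an example and not OpenSSL project code. It encodes only the affected release series listed on this page; because the fixed releases belong to those same series, a series match tells you to check the patch level against the advisory, not that you are vulnerable. The version strings in the comments are real release lines used for illustration.

```shell
#!/bin/sh
# Added example for the verification steps above (not OpenSSL project code).
# The only facts encoded are the affected release series listed on this
# page; the patch level that closes the CVE must be read from the advisory.

AFFECTED_SERIES="3.6 3.5 3.4 3.3 3.0 1.1.1"   # as listed on this page

# openssl_series "<openssl version output>" -> release series, e.g.
#   "OpenSSL 3.0.13 30 Jan 2024"  -> 3.0
#   "OpenSSL 1.1.1w  11 Sep 2023" -> 1.1.1
# 1.x releases use a three-part series name, 3.x a two-part one.
# Returns 1 (prints nothing) when the string is not an OpenSSL version line.
openssl_series() {
  ver=$(printf '%s\n' "$1" | sed -n 's/^OpenSSL \([0-9][0-9.]*\).*/\1/p')
  [ -n "$ver" ] || return 1
  case "$ver" in
    1.*) printf '%s\n' "$ver" | cut -d. -f1-3 ;;
    *)   printf '%s\n' "$ver" | cut -d. -f1-2 ;;
  esac
}

# series_affected <series> -> exit 0 if the series is on this page's list
series_affected() {
  for s in $AFFECTED_SERIES; do
    [ "$s" = "$1" ] && return 0
  done
  return 1
}

# classify_version "<openssl version output>" -> one-line verdict
classify_version() {
  series=$(openssl_series "$1") || { echo "UNPARSEABLE: $1"; return 0; }
  if series_affected "$series"; then
    # Fixed releases belong to the same series, so this means "check the
    # patch level", not "you are vulnerable".
    echo "AFFECTED-SERIES $series: compare the patch level with the OpenSSL advisory"
  else
    echo "NOT-LISTED $series: not on this page's list; 1.0.2 is unaffected but end-of-life, and series absent from the list (such as 3.1 and 3.2) are end-of-life with no fix forthcoming"
  fi
}

# The CLI's own version says nothing about other copies. For a dynamically
# linked service binary, list the libcrypto/libssl it actually loads; for
# statically linked or vendored copies (containers, language runtimes,
# appliances) the version must be checked through that product instead.
linked_tls_libs() {
  command -v ldd >/dev/null 2>&1 || { echo "ldd not available" >&2; return 2; }
  ldd "$1" 2>/dev/null | awk '/libcrypto|libssl/ { print $3 }'
}

live_check() {
  if command -v openssl >/dev/null 2>&1; then
    classify_version "$(openssl version)"
  else
    echo "no openssl CLI in PATH; inspect the libraries your services link instead"
  fi
}

if [ "${1:-}" = "--check" ]; then live_check; fi
```

Run 'sh check.sh --check' on each host, then 'linked_tls_libs /path/to/service' for every long-running daemon, and feed each library path to 'strings' or the package manager to learn its version; a host whose CLI is patched can still run a service against an older libcrypto.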

📡 Detection & Monitoring

Log Indicators:

  • Kernel or application segfault entries attributed to libcrypto/libssl in processes that import PKCS#12 files, especially where the faulting address is below 0x100 (consistent with the zero-page dereference described above)

SIEM Query:

Search application and kernel logs for 'segmentation fault' or 'segfault' events in processes that handle PKCS#12 imports, and correlate them with keystore import activity and the source of the imported file.
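The triage logic above as an added shell example, not part of the original page. It filters Linux kernel-style segfault lines for the signature this bug class would leave: a fault address in the zero page attributed to libcrypto or libssl. The log lines are constructed for illustration, not captured from an incident, and a low fault address in libcrypto is only circumstantial: any NULL dereference in the library would look the same, so the hit still needs correlating with PKCS#12 import activity.

```shell
#!/bin/sh
# Added example (not from the advisory): triage kernel-style segfault log
# lines for the signature this bug class leaves, a fault address inside the
# zero page (0x00-0xFF) attributed to libcrypto or libssl.
# SAMPLE_LOG is constructed in the shape of Linux "segfault at ..." messages
# for illustration only; it is not captured from a real incident.
SAMPLE_LOG='Jan 10 09:12:01 host kernel: keyimport[4321]: segfault at 38 ip 00007f3b2c5a1e10 sp 00007ffd1a2b3c40 error 4 in libcrypto.so.3[7f3b2c400000+2a0000]
Jan 10 09:12:05 host kernel: renderer[5110]: segfault at 7f10deadbe00 ip 00005591a0c0ffee sp 00007ffe3d4c5a10 error 6 in renderer[5591a0a00000+400000]
Jan 10 09:13:44 host kernel: keyimport[4388]: segfault at 0 ip 00007f3b2c5a1e10 sp 00007ffd1a2b3c40 error 4 in libcrypto.so.3[7f3b2c400000+2a0000]
Jan 10 09:14:02 host kernel: nginx[2200]: segfault at 7f3b2d00a000 ip 00007f3b2c5a2210 sp 00007ffd1a2b3c40 error 4 in libssl.so.3[7f3b2c800000+90000]'

# Reads log lines on stdin and prints those meeting all three criteria:
# a "segfault at" entry, attributed to libcrypto/libssl, fault address <= 0xFF.
zero_page_tls_faults() {
  while IFS= read -r line; do
    case "$line" in *"segfault at "*) ;; *) continue ;; esac
    case "$line" in *libcrypto*|*libssl*) ;; *) continue ;; esac
    addr=${line#*segfault at }                 # text after "segfault at "
    addr=${addr%% *}                           # first token: the hex address
    case "$addr" in *[!0-9a-fA-F]*) continue ;; esac
    addr=$(printf '%s' "$addr" | sed 's/^0*//') # drop leading zeros
    # At most two significant hex digits means the address is 0x00..0xFF,
    # i.e. a NULL pointer or a small offset from one (the zero page).
    if [ "${#addr}" -le 2 ]; then printf '%s\n' "$line"; fi
  done
}

# Count of zero-page libcrypto/libssl faults in the constructed sample.
count_zero_page_tls_faults() {
  printf '%s\n' "$SAMPLE_LOG" | zero_page_tls_faults | wc -l | tr -d ' '
}

if [ "${1:-}" = "--demo" ]; then
  printf '%s\n' "$SAMPLE_LOG" | zero_page_tls_faults
fi
```

In production, feed it 'journalctl -k' or 'dmesg' output instead of the sample; the two keyimport lines (fault at 0x38 and at 0) are the ones a responder would pull the imported file for, while the nginx fault at a high address in libssl is unrelated to this bug class.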
