CVE-2026-34181

EUVD-2026-35477

09.06.2026, 17:17

Issue Summary: The PKCS#12 file processing fails to perform sufficient input
validation for files that use Password-Based Message Authentication Code 1
(PBMAC1) integrity mechanism allowing a certificate and private key forgery.

Impact Summary: An attacker impersonating a user can cause a service reading
PKCS#12 files to accept forged certificates and private keys with a 1 in 256
probability.

If a service accepting PKCS#12 files is using passwords for authenticating
the received files, the attacker can create unencrypted PKCS#12 files that
use PBMAC1 authentication that specifies an HMAC key of only one byte, allowing
them to craft a file that will be accepted with a 1 in 256 probability.
That would then cause the service to accept a certificate and private key
controlled by the attacker.

The FIPS modules are not affected by this issue, as the affected code is
outside the OpenSSL FIPS module boundary.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
openssl	CNA	UNKNOWN				---

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
openssl	openssl	4.0.0 ≤ 𝑥 < 4.0.1	CNA
openssl	openssl	3.6.0 ≤ 𝑥 < 3.6.3	CNA
openssl	openssl	3.5.0 ≤ 𝑥 < 3.5.7	CNA
openssl	openssl	3.4.0 ≤ 𝑥 < 3.4.6	CNA

Debian Releases

Debian Product

Codename

openssl

bookworm	3.0.20-1~deb12u1 fixed
bookworm (security)	3.0.20-1~deb12u2 fixed
bullseye	1.1.1w-0+deb11u1 fixed
bullseye (security)	1.1.1w-0+deb11u7 fixed
forky	vulnerable
sid	vulnerable
trixie	vulnerable
trixie (security)	3.5.6-1~deb13u2 fixed

Ubuntu Releases

Ubuntu Product

Codename

openssl

bionic	not-affected
focal	not-affected
jammy	not-affected
noble	not-affected
questing	Fixed 3.5.3-1ubuntu3.4 released
resolute	Fixed 3.5.5-1ubuntu3.2 released
trusty	not-affected
xenial	not-affected

openssl-fips

jammy	not-affected
noble	not-affected
questing	dne
resolute	dne

openssl1.0

bionic	not-affected
jammy	dne
noble	dne
questing	dne
resolute	dne

nodejs

bionic	not-affected
focal	not-affected
jammy	needed
noble	not-affected
questing	not-affected
resolute	not-affected
trusty	not-affected

edk2

bionic	not-affected
focal	not-affected
jammy	not-affected
noble	not-affected
questing	needs-triage
resolute	needs-triage

Common Weakness Enumeration

CWE-354 - Improper Validation of Integrity Check Value
The software does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.

References

https://github.com/openssl/security/commit/0300eb9ddce7a0895bf301a4b0c03a9da2313a0f

https://github.com/openssl/security/commit/79eb76a937e474bb7610a0a3dc57131dc8dc6610

https://github.com/openssl/security/commit/85dcbb3abaa4878af5c8fbbe11bce708fcf984a7

https://github.com/openssl/security/commit/ec36f2417c4ddd8cabce4b4a60a3d7a7365f2d81

https://openssl-library.org/news/secadv/20260609.txt