CVE-2026-34182: CMS AuthEnvelopedData Processing May Accept Forged Messages
Issue Summary: Cryptographic Message Syntax (CMS) processing fails to perform sufficient input validation on the cipher and tag-length fields of AuthEnvelopedData containers, leading to various potential compromises.
Impact Summary: Attackers making use of these vulnerabilities may achieve key-equivalent functionality for a given CMS recipient and/or bypass integrity validation for a given message.
In one use case, an attacker may send a CMS message containing AuthEnvelopedData with the cipher specified as a non-AEAD cipher. OpenSSL erroneously allows this selection and attempts to decrypt and validate the message. An on-path attacker who captures one legitimate AES-GCM AuthEnvelopedData addressed to the victim can re-emit it with the recipientInfos set left byte-for-byte intact, so the victim's private key still unwraps the genuine CEK (the content-encryption key), but with the inner OID rewritten to AES-256-OFB (Output Feedback Mode, an unauthenticated keystream mode) and with an attacker-chosen IV and ciphertext. The victim initializes AES-256-OFB under the real CEK, never consults the MAC field, and CMS_decrypt() returns success. If the application under attack responds to the attacker with any indicator of the success or failure of the decryption attempt, the attacker can use this as an oracle to obtain key-equivalent functionality for the CEK used for the chosen recipient of the message.
In another use case, an attacker can reduce the tag length of the chosen AEAD cipher for a given AuthEnvelopedData container to a single byte, allowing the attacker to brute-force CMS decryption and producing an integrity bypass for applications that trust CMS_decrypt() to reject modified content.
The FIPS modules are not affected by this issue.
Metrics
- CVSS v3.1: 9.1
- Severity: CRITICAL
- Fixed in: 3.0.21
- Affected Products: 1
HarborGuard Analysis
Synopsis
This is a cryptographic validation bypass in OpenSSL's CMS (Cryptographic Message Syntax) AuthEnvelopedData processing. The vulnerability is reachable over the network with no authentication required, exploitable by an on-path attacker who can intercept and manipulate encrypted CMS messages in transit. Successful exploitation allows the attacker to forge decryption success against a victim application or recover key-equivalent functionality for a content-encryption key, enabling both confidentiality and integrity compromise of protected messages. Patched-image rebuilds at versions 3.0.21, 3.4.6, 3.5.7, 3.6.3, and 4.0.1 are available on HarborGuard for environments running an affected OpenSSL version.
HarborGuard Coverage
Detection of CVE-2026-34182 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of publication using upstream feed ingestion from OpenSSL and associated advisories. This coverage extends to custom-built images that bundle affected OpenSSL versions, not just upstream base images.
HarborGuard is capable of scoring this CVE at its CVSS v3.1 rating of 9.1 (Critical) and weighting it further against each environment's compliance policy, surfacing it at the appropriate severity tier. Routing to the correct team inbox within each customer organization is available based on image ownership and policy configuration.
A patched-image rebuild at the applicable fix version (3.0.21, 3.4.6, 3.5.7, 3.6.3, or 4.0.1 depending on the installed branch) becomes available on HarborGuard for any image found to contain an affected OpenSSL release. For customers who opt into auto-remediation, HarborGuard is capable of triggering the rebuild, running a regression test suite, and opening a pull request against affected workloads, with a median time from CVE publication to merged patch PR of around 90 minutes for Critical-severity issues in environments with auto-remediation enabled.
Exploit Conditions
- Network reachability: Required
  The attacker must reach the target service over the network to deliver or intercept crafted CMS AuthEnvelopedData messages.
- Authentication: Not required
  No credentials or account are needed; the attacker only needs the ability to send or intercept CMS messages addressed to the victim.
- Victim interaction: Not required
  No user action is required; the victim application passively processes the malformed or replayed CMS message.
- Attack complexity: Low (AC:L in the CVSS vector below)
  The exploit is reliable and condition-free for the OFB cipher-substitution path; the tag-truncation brute-force path requires only network access and a decryption oracle, with no race conditions or environment-specific prerequisites.
Blast Radius
- An attacker recovers key-equivalent functionality for the content-encryption key used in the targeted CMS message, allowing decryption of all content protected under that key.
- An attacker bypasses AEAD integrity validation entirely by reducing the authentication tag to a single byte, causing the application to accept attacker-modified plaintext as authentic.
- Applications that expose the CMS_decrypt() return status to callers as a decryption oracle allow the CEK to be recovered systematically through repeated crafted submissions.
- Confidential message content addressed to the victim, including any embedded secrets or credentials, becomes readable by the on-path attacker.
How HarborGuard Handles This
Available on HarborGuard: detection, triage, and patched-image rebuild for CVE-2026-34182 are all operational capabilities. Any image in a customer registry or CI pipeline that includes an affected OpenSSL release (4.0.0 before 4.0.1, 3.6.x before 3.6.3, 3.5.x before 3.5.7, 3.4.x before 3.4.6, or earlier 3.0.x series before 3.0.21) is flagged automatically. Where compliance policy permits, auto-remediation customers receive a rebuilt image at the correct fix version, a regression-test run, and a pull request opened against affected workloads; median time from publication to merged patch PR for Critical-severity issues is around 90 minutes for environments with auto-remediation enabled. Note that the FIPS provider modules are explicitly unaffected per the upstream advisory, so images using only the FIPS build path do not require remediation. For environments where an immediate rebuild is not possible, compensating controls worth considering include network-policy rules restricting which services can receive externally-sourced CMS messages, egress filtering to limit decryption-oracle feedback to untrusted callers, and application-layer validation that independently verifies AEAD cipher OIDs and tag lengths before passing data to CMS_decrypt().
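As an added example of the application-layer pre-check suggested above (this is not HarborGuard's or OpenSSL's code), the following Python walks the DER of a CMS ContentInfo and refuses any AuthEnvelopedData whose content-encryption OID is not an AES-GCM AEAD OID, or whose GCMParameters aes-ICVlen falls below a policy minimum, before the bytes would be handed to CMS_decrypt(). The sample() builder and its dummy recipient, zero nonce/IV, ciphertext and MAC are constructed inputs for demonstration only.

```python
OID = {                                           # DER OBJECT IDENTIFIER values, tag and length stripped
    "id-ct-authEnvelopedData": bytes.fromhex("2a864886f70d0109100117"),
    "aes128-GCM": bytes.fromhex("608648016503040106"),
    "aes256-GCM": bytes.fromhex("60864801650304012e"),
    "aes256-OFB": bytes.fromhex("60864801650304012b"),  # the substitution the advisory describes
}
AEAD_OIDS = {OID["aes128-GCM"], OID["aes256-GCM"]}   # add aes192-GCM (60864801650304011a) if your messages use it

def _tlv(buf, pos=0):                             # one DER element -> (tag, value, next_pos)
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:                                 # long form: 0x8n, then n length bytes
        if not 0 < (n := ln & 0x7F) <= 4:
            raise ValueError("indefinite or oversized length")
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + ln > len(buf):
        raise ValueError("element overruns buffer")
    return tag, buf[pos:pos + ln], pos + ln

def _children(buf):                               # (tag, value) of every element in a constructed value
    out, pos = [], 0
    while pos < len(buf):
        tag, val, pos = _tlv(buf, pos)
        out.append((tag, val))
    return out

def check_auth_enveloped(der, min_tag=12):        # None if the blob passes policy, else why it must not reach CMS_decrypt()
    (_, ct), (_, explicit0) = _children(_tlv(der)[1])     # ContentInfo: contentType, [0] EXPLICIT content
    if ct != OID["id-ct-authEnvelopedData"]:
        return "contentType is not AuthEnvelopedData"
    eci = next(v for t, v in _children(_children(explicit0)[0][1]) if t == 0x30)  # first SEQUENCE child = authEncryptedContentInfo
    (_, alg_oid), *params = _children(_children(eci)[1][1])   # contentEncryptionAlgorithm { OID, parameters }
    if alg_oid not in AEAD_OIDS:
        return "content cipher %s is not an allowed AEAD" % next((k for k, v in OID.items() if v == alg_oid), alg_oid.hex())
    icv = 12                                              # GCMParameters.aes-ICVlen DEFAULT 12
    if params and len(gcm := _children(params[0][1])) > 1:
        icv = int.from_bytes(gcm[1][1], "big")
    if icv < min_tag:
        return f"GCM tag length {icv} is below the policy minimum of {min_tag}"
    return None

# Constructed inputs (not real messages): dummy recipient, zero nonce/IV, dummy ciphertext and MAC.
_enc = lambda tag, body: bytes([tag, len(body)]) + body   # short-form DER TLV; samples stay under 128 bytes
def sample(cipher, icv_len=None):
    prm = _enc(0x04, bytes(16))                   # OFB carries a bare IV; GCM carries GCMParameters
    if OID[cipher] in AEAD_OIDS:
        prm = _enc(0x30, _enc(0x04, bytes(12)) + (_enc(0x02, bytes([icv_len])) if icv_len is not None else b""))
    alg = _enc(0x30, _enc(0x06, OID[cipher]) + prm)
    eci = _enc(0x30, _enc(0x06, bytes.fromhex("2a864886f70d010701")) + alg + _enc(0x80, b"\xde\xad\xbe\xef"))
    aed = _enc(0x30, _enc(0x02, b"\x00") + _enc(0x31, _enc(0x30, b"")) + eci + _enc(0x04, bytes(16)))
    return _enc(0x30, _enc(0x06, OID["id-ct-authEnvelopedData"]) + _enc(0xA0, aed))
```

Wrap the call in a try/except that treats any ValueError, IndexError or StopIteration raised by malformed DER as a rejection, so the screen fails closed.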
Fix available
- OpenSSL / OpenSSL: < 4.0.1 (from 4.0.0) · < 3.6.3 (from 3.6.0) · < 3.5.7 (from 3.5.0) · < 3.4.6 (from 3.4.0) · < 3.0.21 (from 3.0.0)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N