CVE-2026-22796 — Improper Check for Unusual or Exceptional Conditions in Openssl

CWE-754 — Improper Check for Unusual or Exceptional Conditions CWE-1287 — Improper Validation of Specified Type of Input25 documents9 sources

Severity

5.3MEDIUMNVD

OSV6.1

EPSS

0.1%

top 69.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openssl

Timeline

PublishedJan 27

Description

Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data. Impact summary: An application performing signature verification of PKCS#7 data or calling directly the PKCS7_digest_from_attributes() function can be caused to dereference an invalid or NULL pointer when reading, resulting in a …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages5 packages

▶CVEListV5openssl/openssl3.6.0 — 3.6.1+6

▶NVDopenssl/openssl1.0.2 — 1.0.2zn+6

▶Alpineopenssl/openssl< 3.0.19-r0+4

▶Debianopenssl/openssl< 1.1.1w-0+deb11u5+3

▶Ubuntuopenssl/openssl< 3.0.2-0ubuntu1.21+10

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

CVE-2026-22796: Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed w↗2026-01-27

▶

OSV

openssl, openssl1.0 vulnerabilities↗2026-01-27

▶

CVEList

ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function↗2026-01-27

▶

OSV

openssl vulnerabilities↗2026-01-27

▶

OSV

CVE-2026-22796: Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed w↗2026-01-27

▶

📋Vendor Advisories

Red Hat

openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification↗2026-01-27

▶

Ubuntu

OpenSSL vulnerabilities↗2026-01-27

▶

BSD

FreeBSD-SA-26:01.openssl: Multiple vulnerabilities in OpenSSL↗2026-01-27

▶

Ubuntu

OpenSSL vulnerabilities↗2026-01-27

▶

Debian

CVE-2026-22796: openssl - Issue summary: A type confusion vulnerability exists in the signature verificati...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2025-15469 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-2673 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2025-69421 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-22796 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2025-15468 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶