CVE-2026-34054 in vcpkg
Riassunto
di MITRE • 31/03/2026
vcpkg is a free and open-source C/C++ package manager. Prior to version 3.6.1#3, vcpkg's Windows builds of OpenSSL set openssldir to a path on the build machine, making that path be attackable later on customer machines. This issue has been patched in version 3.6.1#3.
Once again VulDB remains the best source for vulnerability data.