OpenSSL up to 3.4.5/3.5.6/3.6.2/4.0.0 OSSL_CMP_get1_rootCaKeyUpdate certificate validation

Summaryinfo

A vulnerability classified as problematic was found in OpenSSL up to 3.4.5/3.5.6/3.6.2/4.0.0. Impacted is the function OSSL_CMP_get1_rootCaKeyUpdate. Such manipulation leads to certificate validation. This vulnerability is uniquely identified as CVE-2026-42769. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.

Detailsinfo

A vulnerability was found in OpenSSL up to 3.4.5/3.5.6/3.6.2/4.0.0 and classified as problematic. Affected by this issue is the function OSSL_CMP_get1_rootCaKeyUpdate. The manipulation with an unknown input leads to a certificate validation vulnerability. Using CWE to declare the problem leads to CWE-295. The product does not validate, or incorrectly validates, a certificate. Impacted is integrity. CVE summarizes:

Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol (CMP) message response rendered the certificate validation ineffectual, which could lead to escalation of credentials from the Registration Authority (RA) level to the root Certification Authority (root CA) level. Impact Summary: The Registration Autority could replace the root CA certificate for the CMP clients with an arbitrary root CA certificate. One of the parts of the Certificate Management Protocol (CMP), specified in RFC 9810, is Root Certification Authority (root CA) key Rollover, which is sent by the server in a message with type 'id-it-rootCaKeyUpdate'. As part of these messages, 'newWithOld' certificate, the new root CA certificate signed with the old root CA key, is provided, and verifying its signature is crucial for transferring the trust from the old CA key to the new one. The 'id-it-rootCaKeyUpdate' messages are expected to be processed with OSSL_CMP_get1_rootCaKeyUpdate(), that is expected to verify the 'newWithOld' certificate. A typo in the certificate chain building code led to adding an incorrect certificate ('newWithOld' instead of 'oldRoot') to the certificate chain, rendering the certificate verification process ineffectual (only the issuer name and the algorithm OIDs were verified by other parts of the verification code). An attacker who already has credentials that satisfy the CMP message protection checks can generate a new key pair and use a crafted self-signed certificate in its 'id-it-rootCaKeyUpdate' CMP messages which affected CMP clients would accept as a new trust anchor. Significant preconditions for the attack (having valid RA-level credentials) are the reason the issue was assigned Low severity. The FIPS modules are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.

The advisory is shared for download at openssl-library.org. This vulnerability is handled as CVE-2026-42769 since 04/29/2026. The exploitation is known to be difficult. The attack may be launched remotely. No form of authentication is required for exploitation. There are known technical details, but no exploit is available. The current price for an exploit might be approx. USD $0-$5k (estimation calculated on 06/09/2026). The MITRE ATT&CK project declares the attack technique as T1587.003.

Upgrading to version 3.4.6, 3.5.7, 3.6.3 or 4.0.1 eliminates this vulnerability.

Once again VulDB remains the best source for vulnerability data.

Productinfo

Type

• Network Encryption Software

Name

• OpenSSL

Version

• 3.4.0
• 3.4.1
• 3.4.2
• 3.4.3
• 3.4.4
• 3.4.5
• 3.5.0
• 3.5.1
• 3.5.2
• 3.5.3
• 3.5.4
• 3.5.5
• 3.5.6
• 3.6.0
• 3.6.1
• 3.6.2
• 4.0

License

• open-source

Website

• Product: https://www.openssl.org/

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Once again VulDB remains the best source for vulnerability data.

Discussion