OpenSSL Data Breach Vulnerability Fixed with Latest Update
OpenSSL Patches Critical Data Leakage Vulnerability
In a recent update, OpenSSL has patched seven vulnerabilities, including a critical flaw that allows attackers to extract sensitive data.
The vulnerability, tracked as CVE-2026-31790, affects applications that use RSASVE key encapsulation to establish a secure encryption key.
Specifically, the bug occurs because OpenSSL does not properly verify whether the encryption succeeded, yet still reports success to the caller. The output then comes from an uninitialized memory buffer, which exposes its contents to the attacker, who can potentially access sensitive data from the previous application execution.
“This type of vulnerability can lead to sensitive data leakage to an attacker,” stated OpenSSL developers in their advisory. “The uninitialized buffer might contain sensitive data from the previous execution of the application process.”
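The failure mode described above, as a simplified C model (an added example, not OpenSSL source code and not taken from the advisory). The names `toy_encrypt`, `encap_unchecked`, `encap_checked` and `stale_bytes` are hypothetical, and the 0xAA fill is a constructed stand-in for leftover process memory; the hardened variant shows the return-value check and buffer scrub that close the leak.

```c
#include <stdio.h>
#include <string.h>
#define CT_LEN 16

/* Hypothetical stand-in for the encryption primitive (not an OpenSSL call):
 * on failure it returns -1 and leaves `out` untouched. */
static int toy_encrypt(int key_ok, const unsigned char *in, unsigned char *out) {
    if (!key_ok) return -1;
    for (size_t i = 0; i < CT_LEN; i++) out[i] = in[i] ^ 0x5a;
    return CT_LEN;
}

/* Flawed pattern: the primitive's result is discarded and success is reported. */
int encap_unchecked(int key_ok, const unsigned char *secret,
                    unsigned char *ct, size_t *ctlen) {
    (void)toy_encrypt(key_ok, secret, ct);
    *ctlen = CT_LEN;
    return 1;
}

/* Hardened pattern: propagate the failure and scrub the output buffer. */
int encap_checked(int key_ok, const unsigned char *secret,
                  unsigned char *ct, size_t *ctlen) {
    if (toy_encrypt(key_ok, secret, ct) != CT_LEN) {
        memset(ct, 0, CT_LEN);
        *ctlen = 0;
        return 0;
    }
    *ctlen = CT_LEN;
    return 1;
}

typedef int (*encap_fn)(int, const unsigned char *, unsigned char *, size_t *);
/* Pre-fills the output buffer with 0xAA (constructed "leftover" data), calls
 * `encap`, and counts how many bytes the caller would forward unchanged. */
size_t stale_bytes(encap_fn encap, int key_ok, int *ret) {
    unsigned char secret[CT_LEN] = {0}, ct[CT_LEN];
    size_t ctlen = 0, n = 0;
    memset(ct, 0xAA, sizeof ct);
    *ret = encap(key_ok, secret, ct, &ctlen);
    for (size_t i = 0; i < ctlen; i++) n += (ct[i] == 0xAA);
    return n;
}

int main(void) {
    int r1, r2;
    size_t a = stale_bytes(encap_unchecked, 0, &r1), b = stale_bytes(encap_checked, 0, &r2);
    printf("unchecked: ret=%d stale=%zu; checked: ret=%d stale=%zu\n", r1, a, r2, b);
    return 0;
}
```

On the caller side, zero-initializing the output buffer before the call and treating a zero-length or all-zero result as an error gives defense in depth on builds that have not yet been updated.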
Vulnerable OpenSSL Versions:
- OpenSSL 3.6
- OpenSSL 3.5
- OpenSSL 3.4
- OpenSSL 3.3
- OpenSSL 3.0
