JLSEC-2026-275

Source
https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-275.md
Import Source
https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-275.json
JSON Data
https://api.test.osv.dev/v1/vulns/JLSEC-2026-275
Upstream
  • EUVD-2026-19966
Published
2026-04-27T18:33:55.942Z
Modified
2026-04-27T20:17:13.973608Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo, a NULL pointer dereference can happen.

Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur, resulting in Denial of Service.

When a CMS EnvelopedData message that uses KeyTransportRecipientInfo with RSA-OAEP encryption is processed, the optional parameters field of the RSA-OAEP SourceFunc algorithm identifier is examined without first checking that it is present. If the field is missing, this results in a NULL pointer dereference.

Applications and services that call CMS_decrypt() on untrusted input (e.g., S/MIME processing or CMS-based protocols) are vulnerable.

The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.

Database specific
{
    "sources": [
        {
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28390",
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-28390",
            "modified": "2026-04-23T15:39:52.520Z",
            "id": "CVE-2026-28390",
            "published": "2026-04-07T22:16:21.190Z",
            "database_specific": {
                "status": "Analyzed"
            },
            "imported": "2026-04-27T16:32:55.420Z"
        },
        {
            "html_url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-19966",
            "modified": "2026-04-15T07:28:22Z",
            "id": "EUVD-2026-19966",
            "published": "2026-04-07T22:00:54Z",
            "url": "https://euvdservices.enisa.europa.eu/api/enisaid?id=EUVD-2026-19966",
            "imported": "2026-04-27T16:32:59.115Z"
        }
    ],
    "license": "CC-BY-4.0"
}
References

Affected packages

Julia / AppBundler

Package

Name
AppBundler
Purl
pkg:julia/AppBundler?uuid=40eb83ae-c93a-480c-8f39-f018b568f472

Affected ranges

Type
SEMVER
Events
Introduced
1.0.0

Database specific

source
"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-275.json"

Julia / OpenSSL_jll

Package

Name
OpenSSL_jll
Purl
pkg:julia/OpenSSL_jll?uuid=458c3c95-2e84-50aa-8efc-19380b2a3a95

Affected ranges

Type
SEMVER
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
3.0.20+0
Introduced
3.5.0+0
Fixed
3.5.6+0

Database specific

source
"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-275.json"

Julia / Openresty_jll

Package

Name
Openresty_jll
Purl
pkg:julia/Openresty_jll?uuid=87da34d4-7b1b-5a94-8376-8cb65bf3132c

Affected ranges

Type
SEMVER
Events
Introduced
0 (unknown introduced version; all previous versions are affected)

Database specific

source
"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-275.json"