OpenSSL has published a security advisory for April 2026 that fixes seven issues. For the 3.0 branch the fixed release is OpenSSL 3.0.20; anyone running a vulnerable 3.x version should move to the patched release for their branch. The advisory draws attention to a logic error that affects developers who pass caller-supplied ciphertext buffers into the library, and urges them to review how those buffers are sized and used.
Six of the fixes are for low-severity bugs, including issues in DANE client handling and in CMS KeyAgreeRecipientInfo processing. According to the vendor, the issue in question affects OpenSSL 3.3, 3.4, 3.5 and 3.6, while the legacy 1.x branches are not affected. Its impact is that sensitive data left behind by earlier operations in the application process could be exposed, which matters both for general-purpose deployments and for regulated environments that rely on well-defined cryptographic boundaries.
Exploitation requires that the application first accept an attacker-controlled, invalid RSA public key, so deployments that validate imported public keys before use are in a better position than those that simply trust them. The release also fixes a heap buffer overflow in the conversion of an oversized OCTET STRING to hexadecimal on 32-bit platforms (CVE-2026-31789) and two NULL pointer dereferences in the CMS KeyAgreeRecipientInfo and KeyTransRecipientInfo handling.
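The advisory's point that validating imported public keys reduces exposure can be made concrete with a small gatekeeper. The following is an added example, not code from the OpenSSL advisory or the OpenSSL project: it parses a PKCS#1 RSAPublicKey DER blob (SEQUENCE { INTEGER n, INTEGER e }) with the standard library alone and rejects malformed or weak parameters before any crypto library sees the key. The limits (2048-bit minimum modulus, 256-bit maximum exponent) are conventional choices assumed here, not values from the advisory, and the sample keys are constructed placeholders rather than real RSA moduli.

```python
"""Sanity-check an attacker-supplied RSA public key before a crypto library sees it.

Added example, not code from the OpenSSL advisory or project. Parses a PKCS#1
RSAPublicKey DER structure (SEQUENCE { INTEGER n, INTEGER e }) using only the
standard library and rejects malformed or weak parameters. The thresholds
below are conventional choices assumed here, not values from the advisory.
"""
from typing import Optional, Tuple

MIN_MODULUS_BITS = 2048
MAX_EXPONENT_BITS = 256   # e is normally 65537; a huge exponent is suspicious

TAG_SEQUENCE = 0x30
TAG_INTEGER = 0x02


def read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Parse one DER tag/length/value at buf[pos]; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count length bytes
        nbytes = length & 0x7F
        if nbytes == 0 or nbytes > 4 or pos + nbytes > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        if length < 0x80:
            raise ValueError("non-minimal DER length")
        pos += nbytes
    if pos + length > len(buf):
        raise ValueError("TLV value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def der_integer(raw: bytes) -> int:
    """Decode a DER INTEGER body, rejecting negative and non-minimal encodings."""
    if not raw:
        raise ValueError("empty INTEGER")
    if raw[0] & 0x80:
        raise ValueError("negative INTEGER")
    if len(raw) > 1 and raw[0] == 0 and not (raw[1] & 0x80):
        raise ValueError("non-minimal INTEGER encoding")
    return int.from_bytes(raw, "big")


def parse_rsa_public_key(der: bytes) -> Tuple[int, int]:
    """Return (n, e) from a PKCS#1 RSAPublicKey blob, raising ValueError on junk."""
    tag, body, end = read_tlv(der, 0)
    if tag != TAG_SEQUENCE or end != len(der):
        raise ValueError("expected exactly one top-level SEQUENCE")
    tag_n, raw_n, pos = read_tlv(body, 0)
    tag_e, raw_e, pos = read_tlv(body, pos)
    if tag_n != TAG_INTEGER or tag_e != TAG_INTEGER or pos != len(body):
        raise ValueError("expected exactly two INTEGERs")
    return der_integer(raw_n), der_integer(raw_e)


def validate_rsa_public_key(der: bytes) -> Tuple[int, int]:
    """Parse and sanity-check an imported key; raise ValueError if it is unusable."""
    n, e = parse_rsa_public_key(der)
    if n.bit_length() < MIN_MODULUS_BITS:
        raise ValueError(f"modulus too small: {n.bit_length()} bits")
    if n % 2 == 0:
        raise ValueError("even modulus")            # no RSA modulus is even
    if e < 3 or e % 2 == 0:
        raise ValueError("public exponent must be an odd integer >= 3")
    if e.bit_length() > MAX_EXPONENT_BITS or e >= n:
        raise ValueError("public exponent out of range")
    return n, e


def key_problem(der: bytes) -> Optional[str]:
    """Gatekeeper form: None if the key passes, otherwise the reason it was rejected."""
    try:
        validate_rsa_public_key(der)
    except ValueError as exc:
        return str(exc)
    return None


def der_encode_rsa_public_key(n: int, e: int) -> bytes:
    """Build a PKCS#1 RSAPublicKey blob; used here only to construct test inputs."""
    def length(size: int) -> bytes:
        if size < 0x80:
            return bytes([size])
        lb = size.to_bytes((size.bit_length() + 7) // 8, "big")
        return bytes([0x80 | len(lb)]) + lb

    def integer(v: int) -> bytes:
        raw = v.to_bytes(v.bit_length() // 8 + 1, "big")   # keeps a 0x00 pad when MSB set
        return bytes([TAG_INTEGER]) + length(len(raw)) + raw

    body = integer(n) + integer(e)
    return bytes([TAG_SEQUENCE]) + length(len(body)) + body


if __name__ == "__main__":
    # Constructed samples: odd values standing in for real moduli (not actual RSA keys).
    good = der_encode_rsa_public_key((1 << 2047) | 1, 65537)
    weak = der_encode_rsa_public_key((1 << 1023) | 1, 65537)
    print(key_problem(good))                       # None
    print(key_problem(weak))                       # modulus too small: 1024 bits
    print(key_problem(b"\x30\x03\x02\x01\x05"))    # truncated TLV header
```

The checks are deliberately structural (well-formed DER, odd modulus of adequate size, sane exponent) rather than a proof that the key is a genuine RSA key; the point is to refuse obviously invalid input at the boundary so that a parsing or logic flaw in the library underneath is never reached with attacker-chosen parameters.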