CVE-2026-41676: rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1

Overview

Severity

N/A

Exploit Status

Not Exploited

Patch Tuesday

2026-Apr

Released

2026-04-26

EPSS Score

0.04% (percentile: 12.9%)

Affected Products (8)

Other

• 20878-17086
• 21165-17084
• 21136-17084
• 21241-17084
• 21223-17084

Open Source Software

• cbl2 rust 1.72.0-15 on CBL Mariner 2.0
• azl3 rust 1.75.0-27 on Azure Linux 3.0
• azl3 rust 1.90.0-6 on Azure Linux 3.0

Revision History

• 2026-04-26: Information published.