CVE-2026-41677: rust-openssl: Out-of-bounds read in PEM password callback when user callback returns an oversized length

Overview

Severity

N/A

Exploit Status

Not Exploited

Patch Tuesday

2026-Apr

Released

2026-04-26

EPSS Score

0.08% (percentile: 24.5%)

Affected Products (8)

Open Source Software

• cbl2 rust 1.72.0-15 on CBL Mariner 2.0
• azl3 rust 1.75.0-27 on Azure Linux 3.0
• azl3 rust 1.90.0-6 on Azure Linux 3.0

Other

• 21165-17084
• 21223-17084
• 20878-17086
• 21136-17084
• 21241-17084

Revision History

• 2026-04-26: Information published.