CVE-2026-41681: rust-openssl: MdCtxRef::digest_final() writes past caller buffer with no length check

Overview

Severity

N/A

Exploit Status

Not Exploited

Patch Tuesday

2026-Apr

Released

2026-04-26

EPSS Score

0.04% (percentile: 12.9%)

Affected Products (7)

Other

• 21165-17084
• 21136-17084
• 21241-17084
• 21223-17084

Open Source Software

• cbl2 rust 1.72.0-15 on CBL Mariner 2.0
• azl3 rust 1.75.0-27 on Azure Linux 3.0
• azl3 rust 1.90.0-6 on Azure Linux 3.0

Revision History

• 2026-04-26: Information published.