CVE-2026-41898: rust-openssl: Unchecked callback-returned length in PSK and cookie generate trampolines can cause OpenSSL to leak adjacent memory to the network peer

Overview

Severity

N/A

Exploit Status

Not Exploited

Patch Tuesday

2026-Apr

Released

2026-04-29

EPSS Score

0.04% (percentile: 12.8%)

Affected Products (8)

Open Source Software

• cbl2 rpm-ostree 2022.1-8 on CBL Mariner 2.0
• cbl2 rust 1.72.0-15 on CBL Mariner 2.0
• azl3 rust 1.90.0-6 on Azure Linux 3.0
• azl3 clamav 1.5.2-1 on Azure Linux 3.0
• azl3 python-cryptography 42.0.5-4 on Azure Linux 3.0
• azl3 rpm-ostree 2024.4-8 on Azure Linux 3.0
• azl3 rust 1.75.0-27 on Azure Linux 3.0
• azl3 trident 0.22.0-1 on Azure Linux 3.0

Revision History

• 2026-04-29: Information published.