PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-2673 Cert Portal CVE debrief

CVE-2026-2673 is a High-severity OpenSSL TLS 1.3 server issue in which use of the DEFAULT keyword can flatten the intended group tuple structure and lead the server to negotiate a less preferred key exchange group than expected. In some cases, the server may also fail to send a Hello Retry Request when a more preferred mutually supported group exists but was not among the client’s initial predicted keyshares. The source advisory says this can affect negotiation of newer hybrid post-quantum groups, and that OpenSSL 3.5 and 3.6 are vulnerable while 3.4, 3.3, 3.0, 1.1.1, and 1.0.2 are not. No FIPS modules are affected.

Vendor
Cert Portal
Product
Siemens SIMATIC CN 4100 vers:intdot/<5.0
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-12
Original CVE updated
2026-05-14
Advisory published
2026-05-12
Advisory updated
2026-05-14

Who should care

Administrators and security teams operating OpenSSL TLS 1.3 servers, especially those using custom group configuration with the DEFAULT keyword or evaluating hybrid post-quantum TLS key exchange groups. Network teams that terminate TLS in appliances or services should also review whether they embed vulnerable OpenSSL 3.5/3.6 libraries.

Technical summary

According to the CISA/Siemens-republished advisory, the defect affects OpenSSL TLS 1.3 server-side key exchange group selection when the built-in default list is interpolated via DEFAULT. That interpolation can lose the tuple structure used by the newer preferred-group syntax, causing all server-supported groups to be treated as a single sufficiently secure tuple. As a result, the server may accept a less preferred key exchange without issuing Hello Retry Request, even when a more preferred tuple is mutually supported. The advisory notes the issue is outside the FIPS boundary, has CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, and is scored 7.5 HIGH.

Defensive priority

High. This is a network-reachable TLS negotiation flaw that can alter cryptographic group selection on exposed servers. Prioritize remediation on any public-facing or security-sensitive TLS termination points running OpenSSL 3.5 or 3.6, especially if they rely on DEFAULT-based group configuration.

Recommended defensive actions

  • Inventory TLS servers and embedded products using OpenSSL 3.5 or 3.6.
  • Check whether TLS 1.3 server group configuration uses the DEFAULT keyword or custom tuple-based selection.
  • Upgrade to OpenSSL 3.6.2 or later once available, or OpenSSL 3.5.6 or later once available, per the advisory.
  • Where possible, define preferred TLS 1.3 groups explicitly rather than relying on DEFAULT interpolation.
  • Test negotiated key exchange behavior, including Hello Retry Request handling, after any configuration changes.
  • Confirm whether any affected service is delivered through a Siemens product or another vendor package that bundles OpenSSL, and follow the vendor’s remediation guidance.
  • Verify that no affected FIPS assumptions are being made for this issue; the advisory states the code path is outside the FIPS boundary.

Evidence notes

Primary evidence comes from the CISA CSAF source item for ICSA-26-134-10 and the republished Siemens advisory links. The advisory text explicitly states the defect, the affected OpenSSL versions, the lack of FIPS impact, and the remediation targets. The supplied vendor metadata names a Siemens SIMATIC product, but the vulnerability description is clearly about OpenSSL TLS 1.3 behavior; treat that product metadata as needing review rather than as authoritative for scope.

Official resources

Publicly disclosed on 2026-05-12, with a CISA republication update on 2026-05-14.