PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-10275 OpenSC CVE debrief

A buffer overflow vulnerability exists in OpenSC's pkcs11-tool utility, in the test_kpgen_certwrite function in src/tools/pkcs11-tool.c. It affects OpenSC versions up to and including 0.26.1. The CVSS vector records a network attack vector, but pkcs11-tool is a local command-line utility that acts on the tokens, modules and files it is pointed at; with attack complexity rated high and user interaction required, exploitability is assessed as difficult. A fix has been committed. The vulnerability is classified as LOW severity with a CVSS score of 1.3.

Vendor
OpenSC
Product
OpenSC
CVSS
LOW 1.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-01
Original CVE updated
2026-06-01
Advisory published
2026-06-01
Advisory updated
2026-06-01

Who should care

Organizations using OpenSC for smart card and HSM operations, particularly those whose automation invokes pkcs11-tool for key generation against tokens, PKCS#11 modules or input files that untrusted parties can influence. Security teams responsible for cryptographic infrastructure and smart card middleware deployments, and packagers who ship OpenSC.

Technical summary

The vulnerability resides in the test_kpgen_certwrite function of src/tools/pkcs11-tool.c in OpenSC versions ≤ 0.26.1. This function is pkcs11-tool's key-pair generation and certificate write test routine; in OpenSC sources it is the handler for the --moz-cert (-z) test option, which takes a certificate file as its argument (confirm against the source of your installed build). The stored description states only that a buffer overflow can be triggered through this function; it does not identify the overflowed buffer or the input that controls its size. The CVSS:4.0 assessment records a network attack vector with high attack complexity, no privileges required and user interaction required, which yields the LOW score of 1.3. The fix is commit 814f745b3b6d100295f65f1935edd33d520d33ab. The weaknesses are CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input).

Defensive priority

low

Recommended defensive actions

  • Apply patch commit 814f745b3b6d100295f65f1935edd33d520d33ab to builds of pkcs11-tool from OpenSC ≤ 0.26.1, or confirm that your distribution package already carries it
  • Upgrade to the first OpenSC release later than 0.26.1 that includes the fix, once published
  • Monitor the OpenSC GitHub repository for the release announcement that names the fix
  • Restrict who can run pkcs11-tool, and which tokens, modules and input files it is run against, in environments where smart card key generation is performed
  • Assess whether the test_kpgen_certwrite code path is reachable in your deployment: it is a test routine reached through the --moz-cert (-z) option, not part of ordinary key management, so if no script or operator uses that option the exposure is limited to someone deliberately running it against hostile input
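The version and patch checks in the list above, as a script added here for illustration; it is not part of the advisory or of the OpenSC project. It assumes that opensc-tool -i prints the package version on its first line as "OpenSC <version> [...]", that a git checkout of OpenSC is available when a directory is passed as the first argument, and it drops pre-release suffixes such as -rc1 when comparing versions.

```sh
#!/bin/sh
# Added example, not OpenSC project code: check whether an installed OpenSC
# falls in the affected range for CVE-2026-10275 (<= 0.26.1) and whether a
# source checkout already contains the fix commit.

FIX_COMMIT=814f745b3b6d100295f65f1935edd33d520d33ab
LAST_AFFECTED=0.26.1

# vercmp A B: print -1, 0 or 1 for A < B, A == B, A > B on dotted numeric
# versions. A missing component counts as 0 (0.26 == 0.26.0). Anything after
# the first non-digit in a component is dropped, so a pre-release suffix such
# as -rc1 is ignored; treat release candidates with care.
vercmp() {
    _a=$1; _b=$2
    while [ -n "$_a" ] || [ -n "$_b" ]; do
        _ax=${_a%%.*}; _bx=${_b%%.*}
        if [ "$_ax" = "$_a" ]; then _a=; else _a=${_a#*.}; fi
        if [ "$_bx" = "$_b" ]; then _b=; else _b=${_b#*.}; fi
        _ax=${_ax%%[!0-9]*}; _bx=${_bx%%[!0-9]*}
        _ax=${_ax:-0}; _bx=${_bx:-0}
        if [ "$_ax" -lt "$_bx" ]; then printf '%s\n' -1; return 0; fi
        if [ "$_ax" -gt "$_bx" ]; then printf '%s\n' 1; return 0; fi
    done
    printf '%s\n' 0
}

# is_affected VERSION: succeed (exit 0) if VERSION <= 0.26.1.
is_affected() {
    case $(vercmp "$1" "$LAST_AFFECTED") in
        -1|0) return 0 ;;
        *)    return 1 ;;
    esac
}

# installed_version: print the version reported by opensc-tool, or fail if
# the tool is not installed. The "OpenSC <version> [...]" first-line format
# is an assumption about the output of opensc-tool -i.
installed_version() {
    command -v opensc-tool >/dev/null 2>&1 || return 1
    opensc-tool -i 2>/dev/null | sed -n '1s/^OpenSC \([0-9][0-9.]*\).*/\1/p'
}

# fix_present DIR: succeed if the fix commit is an ancestor of HEAD in the
# git checkout at DIR (the commit must already be fetched into that repo).
fix_present() {
    git -C "$1" merge-base --is-ancestor "$FIX_COMMIT" HEAD 2>/dev/null
}

main() {
    v=$(installed_version) || v=
    if [ -z "$v" ]; then
        echo "opensc-tool not found or version not parsed; check your package manager"
    elif is_affected "$v"; then
        echo "OpenSC $v: in affected range (<= $LAST_AFFECTED)"
    else
        echo "OpenSC $v: outside affected range"
    fi
    if [ -n "$1" ]; then
        if fix_present "$1"; then
            echo "$1: fix commit $FIX_COMMIT is present in HEAD"
        else
            echo "$1: fix commit $FIX_COMMIT NOT found in HEAD"
        fi
    fi
}

main "$@"
```

Run it as `sh check-opensc.sh /path/to/opensc-checkout`; the version check alone needs only the installed tools. Distribution packages often backport fixes without bumping the version, so a result of "in affected range" should be confirmed against the package changelog before raising a ticket.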

Evidence notes

The CVE description identifies the affected function as test_kpgen_certwrite in src/tools/pkcs11-tool.c and names a buffer overflow as the consequence, without describing the overflowed buffer. Patch commit 814f745b3b6d100295f65f1935edd33d520d33ab is referenced as the remediation. The CVSS:4.0 vector records a network attack vector with high attack complexity, no privileges required and user interaction required. The NVD status of the entry is 'Deferred'. The weaknesses are CWE-119 and CWE-120 (both buffer overflow related). The vendor attribution is marked low confidence because the reference-domain candidate analysis pointed to Baidu; the affected project is OpenSC.

Official resources

2026-06-01