PatchSiren

Rust OpenSSL Project CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Rust Openssl Project CVE published 2026-04-24

CVE-2026-41676

The CVE record for CVE-2026-41676 was published on 2026-04-24T18:16:29.120Z. This vulnerability affects Rust-OpenSSL versions between 0.9.27 and before 0.10.78. The vulnerability class is related to the Deriver::derive and PkeyCtxRef::derive functions setting the length of the buffer and passing it to EVP_PKEY_derive, relying on OpenSSL to honor it. However, on OpenSSL 1.1.x, certain functions ignore the [truncated]