Buffer Overrun Vulnerability in OpenSC Product by OpenSC
CVE-2026-40528

1 LOW

Key Information:

Vendor: OpenSC

Status
Vendor
CVE Published: 29 May 2026

What is CVE-2026-40528?

OpenSC prior to version 0.27.0 contains a vulnerability in the do_key_value() function: insufficient length checks when copying data can result in both stack and heap buffer overruns. The issue is triggered when an attacker supplies a specially crafted profile configuration file, leading to potential memory corruption. Users should upgrade to the patched version, 0.27.0, to mitigate this risk.
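
A bounded-copy pattern for the class of bug described above, added here as an illustration; it is not OpenSC's code and not part of the original advisory. The names parse_key_value, struct key_slot and KEY_MAX, the buffer size, and the "=text" versus hex input syntax are all assumptions.

```c
#include <stddef.h>
#include <string.h>

#define KEY_MAX 32  /* assumed capacity, not OpenSC's real value */
/* Hypothetical destination record; the caller allocates it on the heap. */
struct key_slot {
    unsigned char key[KEY_MAX];
    size_t key_len;
};

static int hex_nibble(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Assumed syntax: "=text" is literal, anything else is hex. Returns 0 on
 * success, -1 on malformed or over-long input; lengths are checked first. */
int parse_key_value(const char *arg, struct key_slot *out)
{
    unsigned char tmp[KEY_MAX];          /* stack scratch buffer */
    size_t n, i;
    if (arg == NULL || out == NULL)
        return -1;
    if (arg[0] == '=') {
        n = strlen(arg + 1);
        if (n > sizeof(tmp))             /* guards the stack copy */
            return -1;
        memcpy(tmp, arg + 1, n);
    } else {
        size_t hexlen = strlen(arg);
        if (hexlen % 2 != 0 || hexlen / 2 > sizeof(tmp))
            return -1;
        n = hexlen / 2;
        for (i = 0; i < n; i++) {
            int hi = hex_nibble(arg[2 * i]), lo = hex_nibble(arg[2 * i + 1]);
            if (hi < 0 || lo < 0)
                return -1;
            tmp[i] = (unsigned char)((hi << 4) | lo);
        }
    }
    if (n > sizeof(out->key))            /* guards the heap-side copy */
        return -1;
    memcpy(out->key, tmp, n);
    out->key_len = n;
    return 0;
}
```

Both copies are gated on the destination's size rather than on the input's length, so an over-long value in a profile file is rejected before any byte is written.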

Affected Version(s)

OpenSC 0

OpenSC 0 < 0.27.0

OpenSC 0 < 0358817ec74aeca654f83e7709c7720b14c5db59

CVSS V4

Score: 1
Severity: LOW
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Physical
Attack Complexity: High
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Nicholas Carlini of Anthropic