NULL Pointer Dereference in OpenSSL Affects Certificate Verification
CVE-2026-42765

7.5HIGH

Key Information:

Vendor

OpenSSL

Status
Vendor
CVE Published:
9 June 2026

What is CVE-2026-42765?

The vulnerability involves a NULL pointer dereference occurring during certificate chain verification when both partial-chain verification and OCSP response checking are enabled. If the certificate chain lacks a self-signed trusted anchor, the verification process crashes due to the attempt to access a NULL issuer for the last certificate in the chain. This issue is specific to configurations that activate these two verification options, which are disabled by default. Notably, this vulnerability does not affect any FIPS modules since the relevant code lies outside the OpenSSL FIPS module boundary.

Affected Version(s)

OpenSSL 4.0.0 < 4.0.1

OpenSSL 3.6.0 < 3.6.3

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Joshua Rogers (Aisle Research)
Joshua Rogers (Aisle Research)
Daniel Kubec
.