CVE-2026-40253 | openCryptoki up to 3.26.0 on Linux/AIX asn1.c length out-of-bounds (GHSA-c9cf-6vr4-wfxm)
A vulnerability classified as problematic was found in openCryptoki up to 3.26.0 on Linux/AIX. The affected functions are ber_decode_INTEGER, ber_decode_SEQUENCE, ber_decode_OCTET_STRING, ber_decode_BIT_STRING and ber_decode_CHOICE in the file asn1.c. Manipulating the argument length leads to an out-of-bounds read.
This vulnerability is listed as CVE-2026-40253. The attack must be carried out locally. There is no available exploit.
Applying a patch is advised to resolve this issue.
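
The class of check this advisory concerns, shown as an added example that is not openCryptoki's code or its patch: a BER/DER header parser that rejects any declared length larger than the bytes actually present in the buffer. The function name `tlv_parse` and the sample byte arrays are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical helper (not openCryptoki code): parse one BER/DER TLV header
 * from buf[0..buf_len). Returns 0 and sets *value / *value_len on success,
 * -1 if the encoding would make a decoder read past the end of the buffer. */
int tlv_parse(const uint8_t *buf, size_t buf_len, uint8_t expected_tag,
              const uint8_t **value, size_t *value_len)
{
    size_t hdr = 2, len;

    if (buf == NULL || buf_len < 2 || buf[0] != expected_tag)
        return -1;

    if ((buf[1] & 0x80) == 0) {          /* short form: length in low 7 bits */
        len = buf[1];
    } else {                             /* long form: next n bytes hold length */
        size_t n = buf[1] & 0x7F;
        if (n == 0 || n > sizeof(size_t) || n > buf_len - 2)
            return -1;                   /* indefinite, oversized or truncated */
        len = 0;
        for (size_t i = 0; i < n; i++)
            len = (len << 8) | buf[2 + i];
        hdr += n;
    }

    /* The declared length must fit in what remains after the header.
     * Comparing against a subtraction avoids overflow in hdr + len. */
    if (len > buf_len - hdr)
        return -1;

    *value = buf + hdr;
    *value_len = len;
    return 0;
}

/* Constructed sample inputs. */
const uint8_t ok_int[]    = { 0x02, 0x02, 0x01, 0x00 };     /* INTEGER, 2 bytes  */
const uint8_t short_buf[] = { 0x04, 0x10, 0xAA, 0xBB };     /* claims 16, has 2  */
const uint8_t trunc_len[] = { 0x30, 0x82, 0x01 };           /* length bytes cut  */
const uint8_t long_ok[]   = { 0x04, 0x81, 0x03, 1, 2, 3 };  /* long form, 3 bytes */
```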