CVE-2026-42770 | OpenSSL up to 4.0.0 EVP_PKEY_derive_set_peer missing cryptographic step

SecurityVulns
Yanac

A vulnerability was found in OpenSSL up to 3.0.20/3.4.5/3.5.6/3.6.2/4.0.0. It has been rated as problematic. Affected by this issue is the function EVP_PKEY_derive_set_peer. Performing a manipulation results in missing cryptographic step.

This vulnerability is cataloged as CVE-2026-42770. It is possible to initiate the attack remotely. There is no exploit available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More