CVE-2026-10275
5.0 MEDIUMA flaw has been found in OpenSC up to 0.26.1
Published: 2026-06-01 · Last updated: 2026-06-01
Severity and scoring
- CVSS
- 5.0 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
- CWE
- CWE-119, CWE-120
Description
A flaw has been found in OpenSC up to 0.26.1. This affects the function test_kpgen_certwrite of the file src/tools/pkcs11-tool.c of the component pkcs11-tool Key Generation Module. This manipulation causes buffer overflow. The attack is possible to be carried out remotely. The complexity of an attack is rather high. It is indicated that the exploitability is difficult. The exploit has been published and may be used. Patch name: 814f745b3b6d100295f65f1935edd33d520d33ab. It is recommended to apply a patch to fix this issue.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-10275
- [Other]https://github.com/OpenSC/OpenSC/
- [Other]https://github.com/OpenSC/OpenSC/commit/814f745b3b6d100295f65f1935edd33d520d33ab
- [Other]https://github.com/OpenSC/OpenSC/issues/3682
- [Other]https://github.com/OpenSC/OpenSC/pull/3684
- [Other]https://pan.baidu.com/s/1nrZPKDz2eAcCpsaFiIRlrg
- [Other]https://vuldb.com/cve/CVE-2026-10275
- [Other]https://vuldb.com/submit/825403
- [Other]https://vuldb.com/vuln/367568
- [Other]https://vuldb.com/vuln/367568/cti
Related CVEs
Same CWE
- CVE-2026-12216 — A weakness has been identified in svaarala duktape up to 2.99.99 (5.3 MEDIUM)
- CVE-2026-12200 — A security vulnerability has been detected in Ritlabs TinyWeb Server up to 1.94 on Win32 (7.3 HIGH)
- CVE-2026-12193 — A vulnerability was identified in VS Revo RevoUninstaller 2.5.x/2.6.x (7.8 HIGH)
- CVE-2026-12192 — A vulnerability was determined in GALAYOU Y4 1.0.0 (8.8 HIGH)
- CVE-2026-12174 — A security vulnerability has been detected in D-Link DCS-935L 1.10.01 (8.8 HIGH)