Cyber Resilience

CVE-2026-42765

Severity: High
Published: 09 June 2026
Modified: 17 June 2026
CVSS v3.1 score: 7.5 (vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS score: 0.0042 (33.7th percentile)
Risk Priority: 55 (floored blend, peak EPSS)

Summary

CVE-2026-42765 is a high-severity NULL Pointer Dereference (CWE-476) vulnerability in Openssl Openssl. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 33.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2026-42765 is a NULL pointer dereference vulnerability in OpenSSL's certificate chain verification code. It occurs when an application enables both partial-chain verification (X509_V_FLAG_PARTIAL_CHAIN) and OCSP response checking for the entire chain (X509_V_FLAG_OCSP_RESP_CHECK_ALL). In this configuration, the verification logic attempts to access the issuer of the final certificate in the chain without a self-signed trusted anchor, resulting in a crash. The issue is present in the core OpenSSL library outside the FIPS module boundary and carries a CVSS score of 7.5.

An unauthenticated remote attacker can trigger the flaw by supplying a certificate chain that lacks a self-signed root during TLS or other certificate-validation operations. Successful exploitation produces a denial of service through process termination; no confidentiality or integrity impact is possible. Both affected verification flags are disabled by default, limiting exposure to applications that have explicitly enabled the combination.

The official OpenSSL advisory and the referenced commits (14340b7 and eb345da) describe the root cause and provide patches that correct the missing NULL check for the issuer pointer when partial-chain mode is active. No other mitigations are specified beyond applying the updates or ensuring the two flags remain disabled.

The current EPSS score of 0.0003 indicates negligible observed exploitation interest.

Vulnerability details

Issue summary: When a partial-chain certificate verification is enabled together with OCSP response checking for the whole chain, a NULL dereference will happen if the verified chain does not have a self-signed trusted anchor, crashing the process.

Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application.

When performing OCSP response checking for certificates in the verification chain, the code always tries to access the next certificate as the issuer. There is a check for a self-signed certificate. However with the partial chain verification enabled when the chain does not have a self-signed trusted anchor, the issuer will be NULL for the last certificate in the chain. A NULL pointer dereference then happens. This issue affects only applications which enable both OCSP verification of the certificate chain (X509_V_FLAG_OCSP_RESP_CHECK_ALL) and partial chain verification (X509_V_FLAG_PARTIAL_CHAIN) in the certificate verification. Both flags are disabled by default. For that reason, we have assigned Low severity to the issue. No FIPS modules are affected by this issue as the affected code is outside the OpenSSL FIPS module boundary.
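The chain walk described in the advisory above and in the deeper analysis, modelled as an added example (constructed here, not OpenSSL's source): the pre-fix loop is guarded only by the self-signed check, so in partial-chain mode the top certificate's issuer lookup yields NULL, while the patched loop treats a missing issuer as the anchor. The cert_t type, the flag names and their values are stand-ins for the real X509 structures and flags.

```c
#include <stdbool.h>
#include <stddef.h>
/* Constructed model of the chain walk the advisory describes; not OpenSSL's
 * source. Flag names and values below are stand-ins (assumptions). */
typedef struct { const char *subject; bool self_signed; } cert_t;
#define FLAG_PARTIAL_CHAIN       0x1  /* stands in for X509_V_FLAG_PARTIAL_CHAIN */
#define FLAG_OCSP_RESP_CHECK_ALL 0x2  /* stands in for X509_V_FLAG_OCSP_RESP_CHECK_ALL */
/* chain[0] is the leaf and chain[i+1] is the issuer of chain[i]; the last
 * element has no issuer in the array, so the lookup yields NULL. */
static const cert_t *issuer_of(const cert_t *chain, size_t n, size_t i) {
    return (i + 1 < n) ? &chain[i + 1] : NULL;
}
/* Chain building succeeds with a self-signed top certificate, or with any
 * trusted top certificate once partial-chain mode is enabled. */
static bool chain_builds(const cert_t *chain, size_t n, unsigned flags) {
    return n > 0 && (chain[n - 1].self_signed || (flags & FLAG_PARTIAL_CHAIN));
}

/* Pre-fix walk: only a self-signed certificate skips the issuer lookup.
 * Returns true when the walk would dereference a NULL issuer pointer. */
bool unpatched_would_crash(const cert_t *chain, size_t n, unsigned flags) {
    if (!chain_builds(chain, n, flags) || !(flags & FLAG_OCSP_RESP_CHECK_ALL))
        return false;                  /* the OCSP walk never runs */
    for (size_t i = 0; i < n; i++) {
        if (chain[i].self_signed)
            continue;                  /* the only guard that existed */
        if (issuer_of(chain, n, i) == NULL)
            return true;               /* NULL issuer would be used */
    }
    return false;
}

/* Post-fix walk: a missing issuer ends the loop like a self-signed anchor.
 * Returns how many certificates get their OCSP status checked. */
int patched_ocsp_checks(const cert_t *chain, size_t n, unsigned flags) {
    int checked = 0;
    if (!chain_builds(chain, n, flags) || !(flags & FLAG_OCSP_RESP_CHECK_ALL))
        return 0;
    for (size_t i = 0; i < n && !chain[i].self_signed; i++) {
        if (issuer_of(chain, n, i) == NULL)
            break;                     /* anchor reached: nothing to check against */
        checked++;                     /* chain[i] is checked against chain[i+1] */
    }
    return checked;
}

/* Constructed sample chains (no real certificates). */
const cert_t full_chain[] = { {"leaf.example", false}, {"Example CA", false}, {"Example Root", true} };
const cert_t partial_chain[] = { {"leaf.example", false}, {"Example CA", false} };
```

Only the combination of both flags with a chain that stops at a non-self-signed trust anchor reaches the NULL issuer; either flag alone, or a chain ending in a self-signed root, does not.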

CWE(s)

CWE-476 NULL Pointer Dereference

Related Threats

MITRE ATT&CK Enterprise Techniques

T1499.004 Application or System Exploitation (tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

NULL dereference enables remote unauthenticated DoS via crafted certificate chain during TLS/validation (application exploitation).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-42767 (same product: Openssl Openssl)
CVE-2025-69421 (same product: Openssl Openssl)
CVE-2026-42766 (same product: Openssl Openssl)
CVE-2026-42764 (same product: Openssl Openssl)
CVE-2026-28389 (same product: Openssl Openssl)
CVE-2026-28390 (same product: Openssl Openssl)
CVE-2026-28388 (same product: Openssl Openssl)
CVE-2026-28386 (same product: Openssl Openssl)
CVE-2026-42771 (same product: Openssl Openssl)
CVE-2023-0217 (same product: Openssl Openssl)

Affected Assets

Vendor: openssl
Product: openssl
Versions: 4.0.0; 3.6.0 through 3.6.3

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
