CVE Vulnerabilities

CVE-2026-42769

Improper Certificate Validation

Published: Jun 09, 2026 | Modified: Jun 17, 2026
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
5.9 LOW
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
Ubuntu
LOW
root.io logo minimus.io logo echo.ai logo

Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol (CMP) message response rendered the certificate validation ineffectual, which could lead to escalation of credentials from the Registration Authority (RA) level to the root Certification Authority (root CA) level.

Impact Summary: The Registration Autority could replace the root CA certificate for the CMP clients with an arbitrary root CA certificate.

One of the parts of the Certificate Management Protocol (CMP), specified in RFC 9810, is Root Certification Authority (root CA) key Rollover, which is sent by the server in a message with type id-it-rootCaKeyUpdate. As part of these messages, newWithOld certificate, the new root CA certificate signed with the old root CA key, is provided, and verifying its signature is crucial for transferring the trust from the old CA key to the new one.

The id-it-rootCaKeyUpdate messages are expected to be processed with OSSL_CMP_get1_rootCaKeyUpdate(), that is expected to verify the newWithOld certificate. A typo in the certificate chain building code led to adding an incorrect certificate (newWithOld instead of oldRoot) to the certificate chain, rendering the certificate verification process ineffectual (only the issuer name and the algorithm OIDs were verified by other parts of the verification code).

An attacker who already has credentials that satisfy the CMP message protection checks can generate a new key pair and use a crafted self-signed certificate in its id-it-rootCaKeyUpdate CMP messages which affected CMP clients would accept as a new trust anchor.

Significant preconditions for the attack (having valid RA-level credentials) are the reason the issue was assigned Low severity.

The FIPS modules are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.

Weakness

The product does not validate, or incorrectly validates, a certificate.

Affected Software

NameVendorStart VersionEnd Version
OpensslOpenssl3.4.0 (including)3.4.6 (excluding)
OpensslOpenssl3.5.0 (including)3.5.7 (excluding)
OpensslOpenssl3.6.0 (including)3.6.3 (excluding)
OpensslOpenssl4.0.0 (including)4.0.0 (including)
Red Hat Enterprise Linux 10RedHatopenssl-1:3.5.5-4.el10_2*
Red Hat Enterprise Linux 9RedHatopenssl-1:3.5.5-4.el9_8*
Red Hat Enterprise Linux 9RedHatopenssl-1:3.5.5-4.el9_8*
Red Hat Discovery 2RedHatdiscovery/discovery-server-rhel9:1782159791*
Red Hat Discovery 2RedHatdiscovery/discovery-ui-rhel9:1782166952*
Red Hat Update Infrastructure 5RedHatrhui5/cds-rhel9:1781525684*
Red Hat Update Infrastructure 5RedHatrhui5/haproxy-rhel9:1781525671*
Red Hat Update Infrastructure 5RedHatrhui5/installer-rhel9:1781525693*
Red Hat Update Infrastructure 5RedHatrhui5/rhua-rhel9:1781525739*
NodejsUbuntuesm-apps/jammy*
NodejsUbuntujammy*
OpensslUbuntudevel*
OpensslUbuntuquesting*
OpensslUbunturesolute*

Potential Mitigations

References