1. OpenSSL NULL Pointer Dereference Vulnerability CVE-2026-28389 Exposes CMS Processing to Denial of Service
A critical NULL pointer dereference vulnerability has been identified in OpenSSL's handling of CMS EnvelopedData messages, potentially enabling remote denial of service attacks against applications that process untrusted cryptographic data. The flaw, tracked as CVE-2026-28389, specifically targets the KeyAgreeRecipient...