1. OpenSSL Vulnerability CVE-2026-28390 Allows Denial of Service via Crafted CMS Messages
A newly disclosed vulnerability in OpenSSL enables attackers to crash applications by sending specially crafted CMS (Cryptographic Message Syntax) EnvelopedData messages. Tracked as CVE-2026-28390, the flaw stems from a NULL pointer dereference that occurs when processing KeyTransportRecipientInfo structures with RSA-O...