CVE-2026-41898

Description

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and set_stateless_cookie_generate_cb forwarded the user closure's returned usize directly to OpenSSL without checking it against the &mut [u8] that was handed to the closure. This can lead to buffer overflows and other unintended consequences. This vulnerability is fixed in 0.10.78.

CVSS v3.1 Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS — Exploit Prediction

0.0006

Probability of exploitation

0.18%

Percentile rank

EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.

Weakness Type (CWE)

CWE-126 CWE-126

CWE-130 CWE-130

Affected Products

Vendor	Product	Versions
rust-openssl_project	rust-openssl	0.9.24 — 0.10.78

References

Advisories & Patches

https://github.com/rust-openssl/rust-openssl/commit/1d109020d98fff2fb2e45c39a373af3dff99b24c https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-hppc-g8h3-xhp3

Other References

https://github.com/rust-openssl/rust-openssl/pull/2607 https://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.78

Frequently Asked Questions

What is CVE-2026-41898? +

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and set_stateless_cookie_generate_cb forwarded the user closure's returned usize directly to OpenSSL without checking it against the &mut [u8] that was handed to the closure. This can lead to buffer overflows and other unintended consequences. This vulnerability is fixed in 0.10.78. It has a CVSS v3.1 base score of 9.8 (CRITICAL).

How severe is CVE-2026-41898? +

CVE-2026-41898 has a CVSS v3.1 score of 9.8 out of 10, rated CRITICAL. This is a critical vulnerability that should be patched immediately. The EPSS score is 0.0006, placing it in the 0th percentile for exploitation probability.

What products are affected by CVE-2026-41898? +

CVE-2026-41898 affects products from rust-openssl_project, specifically: rust-openssl. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2026-41898? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2024-12975

A buffer overread can occur in the CPC application when operating in full duplex SPI upon receiving an invalid packet …

CVE-2017-17772 9.8

In multiple functions that process 802.11 frames, out-of-bounds reads can occur due to insufficient validation.

CVE-2024-38373 9.6

FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. FreeRTOS-Plus-TCP versions 4.0.0 through 4.1.0 contain a buffer over-read issue in the …

CVE-2023-51773 9.1

BACnet Stack before 1.3.2 has a decode function APDU buffer over-read in bacapp_decode_application_data in bacapp.c.

CVE-2025-55081 9.1

In Eclipse Foundation NextX Duo before 6.4.4, a module of ThreadX, the _nx_secure_tls_process_clienthello() function was missing length verification of certain …

CVE-2025-12106 9.1

Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP …