
Tracked as CVE-2026-31790, the flaw affects OpenSSL's RSA Key Encapsulation Mechanism (KEM), specifically the RSASVE (RSA Secret Value Encapsulation) operation used to transport a shared secret under a peer's RSA public key.
OpenSSL published an advisory on April 7, 2026, warning users to apply patches as soon as possible.
Improper Error Handling Leads to Data Exposure
The root cause lies in how OpenSSL handles a failure of the underlying RSA public-key operation. When a shared secret is generated with RSASVE, OpenSSL's implementation calls RSA_public_encrypt() to encrypt the secret value and relies on its return value as a status code.
Under normal conditions, this function returns the number of bytes written on success and -1 when an error occurs.
In affected versions, however, the calling code only checks whether the return value is non-zero, not whether it is positive.
This is the critical flaw: a return value of -1, which signals failure, is mistakenly treated as success.
As a result, the encapsulation continues even though encryption has failed: it sets the output lengths and hands back the ciphertext buffer as if it contained valid encrypted data.
An attacker can reach this path by supplying a malformed or otherwise invalid RSA public key that makes RSA_public_encrypt() fail.
If the application does not validate the key beforehand, the failed encryption attempt is misinterpreted as successful.
In that case the ciphertext buffer is returned to the peer without ever having been written to, so it contains whatever uninitialized memory it held.
This "stale" memory can contain sensitive data left over from previous operations, including cryptographic material or application data.
For example, a malicious client interacting with a vulnerable server could repeatedly send crafted public keys and receive fragments of memory in response, potentially leading to data leakage over time.
Affected Versions and Patches
The vulnerability affects the OpenSSL 3.x series; the legacy 1.0.2 and 1.1.1 branches, which predate the KEM API, are not affected. Security updates have been released to address the issue:
- OpenSSL 3.0 → upgrade to 3.0.20
- OpenSSL 3.3 → upgrade to 3.3.7
- OpenSSL 3.4 → upgrade to 3.4.5
- OpenSSL 3.5 → upgrade to 3.5.6
- OpenSSL 3.6 → upgrade to 3.6.2
The flaw was reported by Simo Sorce of Red Hat in February 2026, with a fix developed by Nikola Pajkovsky.
Organizations that cannot patch immediately can reduce risk at the application level by validating the peer's RSA public key before encapsulating with it.
Calling EVP_PKEY_public_check() (or the cheaper EVP_PKEY_public_check_quick()) on the key before EVP_PKEY_encapsulate(), and refusing to proceed unless it returns 1, rejects invalid keys before the faulty code path is reached and so blocks the memory leak.
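The flawed check and the hardened check side by side, as an added example that is not OpenSSL's code. It uses a constructed stand-in key type (mock_rsa_key) and two mock routines, mock_rsa_public_encrypt() and mock_public_check(), that only mirror the return-value contracts of RSA_public_encrypt() (bytes written, or -1 on error) and EVP_PKEY_public_check() (1 on success); the XOR inside the mock is a placeholder, not RSA arithmetic. encapsulate_vulnerable() tests only for a non-zero result, as the affected versions are described above; encapsulate_fixed() validates the key first, which is the workaround from the previous paragraph, and then accepts only a positive byte count.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for an RSA public key (hypothetical type, not
 * OpenSSL's). A real key carries n and e; we only record the modulus
 * size and whether the key is well-formed. */
typedef struct {
    size_t nbytes; /* modulus length in bytes */
    int valid;     /* 0 models a malformed key the RSA operation rejects */
} mock_rsa_key;

/* Mirrors the return contract of RSA_public_encrypt(): bytes written on
 * success, -1 on error. The XOR is a placeholder, not RSA. */
static int mock_rsa_public_encrypt(size_t flen, const unsigned char *from,
                                   unsigned char *to, const mock_rsa_key *key)
{
    if (!key->valid || flen != key->nbytes)
        return -1; /* nothing is written to 'to' on this path */
    for (size_t i = 0; i < flen; i++)
        to[i] = from[i] ^ 0x5A;
    return (int)flen;
}

/* Mirrors the return contract of EVP_PKEY_public_check(): 1 if the key
 * passes validation. */
static int mock_public_check(const mock_rsa_key *key)
{
    return key->valid ? 1 : 0;
}

/* The flawed pattern: any non-zero return counts as success, so -1 passes,
 * and the output length is set although nothing was written to ct. */
int encapsulate_vulnerable(const mock_rsa_key *key, unsigned char *ct,
                           size_t *ctlen, const unsigned char *secret,
                           size_t seclen)
{
    int ok = mock_rsa_public_encrypt(seclen, secret, ct, key) != 0;
    if (ok)
        *ctlen = seclen; /* ct still holds whatever it contained before */
    return ok;
}

/* Hardened: validate the key first, then accept only a positive byte
 * count equal to the expected ciphertext length. */
int encapsulate_fixed(const mock_rsa_key *key, unsigned char *ct,
                      size_t *ctlen, const unsigned char *secret,
                      size_t seclen)
{
    if (mock_public_check(key) != 1)
        return 0;
    int ret = mock_rsa_public_encrypt(seclen, secret, ct, key);
    if (ret <= 0 || (size_t)ret != seclen)
        return 0;
    *ctlen = (size_t)ret;
    return 1;
}

/* Constructed scenario: the ciphertext buffer still holds bytes from an
 * earlier operation and the peer supplied a malformed key. Returns 1 if
 * the vulnerable path reports success and hands the stale bytes back. */
int vulnerable_returns_stale_bytes(void)
{
    const unsigned char stale[8] = {'O', 'L', 'D', 'K', 'E', 'Y', '!', '!'};
    unsigned char ct[8], secret[8] = {0};
    size_t ctlen = 0;
    mock_rsa_key bad = { 8, 0 };

    memcpy(ct, stale, sizeof ct);
    if (encapsulate_vulnerable(&bad, ct, &ctlen, secret, sizeof secret) != 1)
        return 0;
    return ctlen == sizeof ct && memcmp(ct, stale, sizeof ct) == 0;
}

/* Same malformed key through the hardened path: must fail, ctlen stays 0. */
int fixed_rejects_bad_key(void)
{
    unsigned char ct[8] = {0}, secret[8] = {0};
    size_t ctlen = 0;
    mock_rsa_key bad = { 8, 0 };
    return encapsulate_fixed(&bad, ct, &ctlen, secret, sizeof secret) == 0
           && ctlen == 0;
}

/* Sanity check: a well-formed key still encapsulates through the fix. */
int fixed_accepts_good_key(void)
{
    unsigned char ct[8] = {0}, secret[8] = {1, 2, 3, 4, 5, 6, 7, 8};
    size_t ctlen = 0;
    mock_rsa_key good = { 8, 1 };
    return encapsulate_fixed(&good, ct, &ctlen, secret, sizeof secret) == 1
           && ctlen == 8 && ct[0] == (1 ^ 0x5A);
}

int main(void)
{
    printf("vulnerable path returns stale buffer: %s\n",
           vulnerable_returns_stale_bytes() ? "yes" : "no");
    printf("fixed path rejects bad key: %s\n",
           fixed_rejects_bad_key() ? "yes" : "no");
    printf("fixed path accepts good key: %s\n",
           fixed_accepts_good_key() ? "yes" : "no");
    return 0;
}
```

The point the mock makes concrete is that the vulnerable version never touches ct on the error path yet reports a full-length ciphertext, so whatever the caller's buffer held is what goes on the wire. In real code the equivalent of mock_public_check() is EVP_PKEY_public_check() on the EVP_PKEY handed to EVP_PKEY_encapsulate(), and the equivalent of the `ret <= 0` test is what a patched OpenSSL applies to the RSA_public_encrypt() result.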
This post, "Multiple OpenSSL Flaws Expose Sensitive Data in RSA KEM Handling", first appeared on Cyber Security News.
