Bug 2481882 (CVE-2026-34181)

Summary: CVE-2026-34181 openssl: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW
Severity: low
Priority: low
Version: unspecified
CC: hyoskim, prodsec-dev, rhel-process-autobot, security-response-team, watson-tool-maintainers
Keywords: Security
Flags: hyoskim: needinfo? (prodsec-dev)
Hardware: All
OS: Linux
Doc Text:
A flaw was found in OpenSSL. This vulnerability allows a remote attacker to forge PKCS#12 (Public-Key Cryptography Standards #12) files that use Password-Based Message Authentication Code 1 (PBMAC1) with short HMAC (Hash-based Message Authentication Code) keys. This can lead to a service accepting attacker-controlled certificates and private keys with a 1 in 256 probability, potentially enabling impersonation.
Deadline: 2026-06-09

Description OSIDB Bzimport 2026-05-27 13:55:57 UTC
PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys

PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys (CVE-2026-34181)
Severity: Low

Issue Summary: The PKCS#12 file processing fails to perform sufficient input
validation for files that use the Password-Based Message Authentication Code 1
(PBMAC1) integrity mechanism, allowing certificate and private key forgery.

Impact Summary: An attacker impersonating a user can cause a service reading
PKCS#12 files to accept forged certificates and private keys with a 1 in 256
probability.

If a service accepting PKCS#12 files is using passwords for authenticating
the received files, the attacker can create unencrypted PKCS#12 files that
use PBMAC1 authentication that specifies an HMAC key of only one byte, allowing
them to craft a file that will be accepted with a 1 in 256 probability.
That would then cause the service to accept a certificate and private key
controlled by the attacker.

The FIPS modules are not affected by this issue, as the affected code is
outside the OpenSSL FIPS module boundary.

OpenSSL 4.0, 3.6, 3.5, and 3.4 are vulnerable to this issue.

OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do
not support PBMAC1 in PKCS#12.

OpenSSL 4.0 users should upgrade to OpenSSL 4.0.1.
OpenSSL 3.6 users should upgrade to OpenSSL 3.6.3.
OpenSSL 3.5 users should upgrade to OpenSSL 3.5.7.
OpenSSL 3.4 users should upgrade to OpenSSL 3.4.6.

This issue was reported on 2nd March 2026 by Pavol Žáčik (Red Hat).
This issue was also reported on 16th April 2026 by Alex Gaynor (Anthropic).

The fix has been developed by Alicja Kario (Red Hat).
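The description above explains the flaw as a missing check on the HMAC key length carried in the PBMAC1 parameters of a PKCS#12 file. The following Python is an added example written for this page; it is not OpenSSL's or Red Hat's code, and the actual upstream fix is not reproduced here. It walks the DER of a PFX far enough to reach MacData, extracts the PBKDF2 keyLength and PRF from the PBMAC1 parameters, and refuses the file before any MAC computation when keyLength is absent or shorter than the MAC hash output. The minimum-length policy, the constructed sample files built by build_pbmac1_pfx, the 8-byte zero salt, the 2048-iteration count and the UTF-8 password encoding (which is what RFC 9579 prescribes for PBMAC1 in PKCS#12) are this example's assumptions; the OIDs are the standard ones from RFC 8018 and PKCS#7.

```python
import hashlib
import hmac

# OIDs from RFC 8018 (PBKDF2, PBMAC1, hmacWithSHA*) and PKCS#7 (id-data).
OID_DATA = "1.2.840.113549.1.7.1"
OID_PBKDF2 = "1.2.840.113549.1.5.12"
OID_PBMAC1 = "1.2.840.113549.1.5.14"
OID_HMAC_SHA1 = "1.2.840.113549.2.7"
OID_HMAC_SHA256 = "1.2.840.113549.2.9"
HASH_FOR_HMAC = {OID_HMAC_SHA1: "sha1", OID_HMAC_SHA256: "sha256"}


def der(tag, body):
    """Encode one DER TLV (definite length, short or long form)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def der_int(v):
    return der(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))


def der_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        out.extend(reversed(chunk))
    return der(0x06, bytes(out))


def der_read(buf, pos=0):
    """Decode the TLV at pos; return (tag, body, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def der_children(body):
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = der_read(body, pos)
        out.append((tag, val))
    return out


def oid_str(body):
    arcs, v = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        v = (v << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(v)
            v = 0
    return ".".join(map(str, arcs))


def build_pbmac1_pfx(password, key_len, payload=b"constructed authSafe content"):
    """Constructed sample PFX (assumption, not a real file): PBMAC1 with
    PBKDF2-HMAC-SHA256 and HMAC-SHA256, PBKDF2 keyLength = key_len, and a MAC
    that is correct for that key length."""
    salt, iters = b"\x00" * 8, 2048
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iters, key_len)
    mac = hmac.new(key, payload, "sha256").digest()
    hmac_sha256 = der(0x30, der_oid(OID_HMAC_SHA256) + b"\x05\x00")  # AlgorithmIdentifier
    pbkdf2_params = der(0x30, der(0x04, salt) + der_int(iters) + der_int(key_len) + hmac_sha256)
    kdf = der(0x30, der_oid(OID_PBKDF2) + pbkdf2_params)
    pbmac1 = der(0x30, der_oid(OID_PBMAC1) + der(0x30, kdf + hmac_sha256))
    mac_data = der(0x30, der(0x30, pbmac1 + der(0x04, mac)) + der(0x04, salt) + der_int(iters))
    auth_safe = der(0x30, der_oid(OID_DATA) + der(0xA0, der(0x04, payload)))
    return der(0x30, der_int(3) + auth_safe + mac_data)


def parse_pbmac1(pfx):
    """Pull the PBMAC1/PBKDF2 parameters, stored MAC and authenticated payload
    out of a PFX; None if the file has no MacData or does not use PBMAC1."""
    top = der_children(der_read(pfx)[1])          # version, authSafe, macData
    if len(top) < 3:
        return None
    payload = der_children(der_children(top[1][1])[1][1])[0][1]  # [0] EXPLICIT OCTET STRING
    alg, mac = der_children(der_children(top[2][1])[0][1])       # DigestInfo
    alg_c = der_children(alg[1])
    if oid_str(alg_c[0][1]) != OID_PBMAC1:
        return None
    kdf, scheme = der_children(alg_c[1][1])       # PBMAC1-params
    kdf_c = der_children(kdf[1])
    if oid_str(kdf_c[0][1]) != OID_PBKDF2:
        raise ValueError("PBMAC1 keyDerivationFunc is not PBKDF2")
    p = der_children(kdf_c[1][1])                 # salt, iterationCount, [keyLength], [prf]
    info = {"salt": p[0][1], "iterations": int.from_bytes(p[1][1], "big"), "key_len": None,
            "prf": OID_HMAC_SHA1, "mac_oid": oid_str(der_children(scheme[1])[0][1]),
            "mac": mac[1], "payload": payload}
    i = 2
    if i < len(p) and p[i][0] == 0x02:            # keyLength is OPTIONAL in PBKDF2-params
        info["key_len"], i = int.from_bytes(p[i][1], "big"), i + 1
    if i < len(p) and p[i][0] == 0x30:            # prf DEFAULTs to hmacWithSHA1
        info["prf"] = oid_str(der_children(p[i][1])[0][1])
    return info


def verify_pbmac1(pfx, password):
    """Policy check first, MAC check second. Returns 'no-pbmac1',
    'reject-keylength', 'bad-mac' or 'ok'."""
    info = parse_pbmac1(pfx)
    if info is None:
        return "no-pbmac1"
    mac_hash = HASH_FOR_HMAC[info["mac_oid"]]
    # Policy assumed for this example: keyLength must be present (RFC 9579
    # requires it in PKCS#12) and at least the MAC hash output size, so a
    # one-byte key with its 256-value guess space is refused before any MAC work.
    if info["key_len"] is None or info["key_len"] < hashlib.new(mac_hash).digest_size:
        return "reject-keylength"
    key = hashlib.pbkdf2_hmac(HASH_FOR_HMAC[info["prf"]], password.encode("utf-8"),
                              info["salt"], info["iterations"], info["key_len"])
    expected = hmac.new(key, info["payload"], mac_hash).digest()
    return "ok" if hmac.compare_digest(expected, info["mac"]) else "bad-mac"
```

The ordering in verify_pbmac1 is the point: the key-length policy is evaluated on the parsed parameters alone, so a file declaring a one-byte key is turned away without the password ever being fed into PBKDF2, and only files that pass the policy get a constant-time MAC comparison. Operators who cannot upgrade immediately can run a check like parse_pbmac1 over inbound PKCS#12 files to flag any PBMAC1 file whose keyLength is below the MAC hash size.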

Comment 2 errata-xmlrpc 2026-06-11 12:31:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:25237 https://access.redhat.com/errata/RHSA-2026:25237

Comment 3 errata-xmlrpc 2026-06-11 12:34:26 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:25239 https://access.redhat.com/errata/RHSA-2026:25239