CVE-2026-42766: NULL Dereference in CMS Decryption
🟡 Medium | Source: Microsoft Security Response Center CVE-2026-42766 is a potential NULL dereference vulnerability affecting password-based CMS (Cryptographic Message Syntax) decryption, disclosed via Microsoft’s Security Response Centre. A NULL dereference flaw can cause an application or service to crash when processing malformed or malicious encrypted data, potentially leading to denial of service. This matters because CMS is widely used in certificate handling, S/MIME email, and PKI workflows, meaning affected services could be disrupted by a crafted payload. ...