Pki

🟠 High | Source: Microsoft Security Response Center CVE-2026-42767 is a NULL pointer dereference vulnerability in the CRMF (Certificate Request Message Format) EncryptedValue decryption process, affecting an Azure-related component. This class of vulnerability can cause application crashes or potentially be leveraged to execute arbitrary code, depending on how the affected component handles malformed input. If exploited, it could disrupt certificate management operations or be used as part of a broader attack chain targeting cryptographic infrastructure. ...

🟠 High | Source: Microsoft Security Response Center CVE-2026-34182 is a vulnerability in CMS (Cryptographic Message Syntax) AuthEnvelopedData processing that may allow an attacker to submit forged encrypted messages that are incorrectly accepted as valid. This undermines the integrity guarantees of authenticated encryption, potentially enabling an attacker to bypass message authentication checks. The flaw is particularly concerning in any Azure service or component that relies on CMS for secure message handling. ...

🟡 Medium | Source: Microsoft Security Response Center CVE-2026-42766 is a potential NULL dereference vulnerability affecting password-based CMS (Cryptographic Message Syntax) decryption, disclosed via Microsoft’s Security Response Centre. A NULL dereference flaw can cause an application or service to crash when processing malformed or malicious encrypted data, potentially leading to denial of service. This matters because CMS is widely used in certificate handling, S/MIME email, and PKI workflows, meaning affected services could be disrupted by a crafted payload. ...