CVE Catalog

CVE-2026-6331

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

4th percentile — higher than 4% of all known CVEs

Summary

Vulnerability in EVP_DigestVerifyFinal allows forgery of zero-length HMAC tags. In the OpenSSL-compatible HMAC verification path, only the supplied signature length not exceeding the MAC length was checked, allowing zero-length or truncated tags to be accepted. The fix requires the supplied tag length to exactly equal the MAC length and rejects zero-length tags.

Risk Assessment

An attacker can forge an HMAC signature by providing an empty or truncated tag, potentially bypassing authentication mechanisms and compromising data integrity.

Recommendation

Immediately update the cryptographic library to a version that enforces exact tag length matching to the MAC length.

Original NVD description (English source)

HMAC zero-length tag forgery in EVP_DigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility HMAC verify path the supplied signature length was only checked as not exceeding the MAC length, so a zero-length or otherwise truncated tag could pass verification. The fix requires the supplied tag length to exactly equal the MAC length and rejects a zero-length MAC, so a forged short or empty tag is no longer accepted.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS