CVE-2026-10275 - Vulnerability Details

- OpenSC pkcs11-tool Key Generation pkcs11-tool.c test_kpgen_certwrite buffer overflow

Description

A flaw has been found in OpenSC up to 0.26.1. This affects the function test_kpgen_certwrite of the file src/tools/pkcs11-tool.c of the component pkcs11-tool Key Generation Module. This manipulation causes buffer overflow. The attack is possible to be carried out remotely. The complexity of an attack is rather high. It is indicated that the exploitability is difficult. The exploit has been published and may be used. Patch name: 814f745b3b6d100295f65f1935edd33d520d33ab. It is recommended to apply a patch to fix this issue.

Published: 2026-06-01

Score: 2.3 Low

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

An OpenSC buffer overflow exists in the test_kpgen_certwrite function of pkcs11-tool, allowing an attacker to overflow a buffer during key generation. The flaw can be leveraged remotely, but the high complexity and difficulty of exploitation reduce its practical threat. An attacker who succeeds could corrupt memory or crash the process, potentially leading to denial of service or arbitrary code execution in the worst case.

Affected Systems

OpenSC pkcs11-tool versions up to 0.26.1 are impacted. The vulnerability resides within the OpenSC component pkcs11-tool Key Generation Module. The affected product is OpenSC, with the buffer overflow present in the test_kpgen_certwrite routine of pkcs11-tool.c. No later versions than 0.26.1 have been confirmed to contain the fix.

Risk and Exploitability

The CVSS score is 2.3, indicating low severity. EPSS data are not available, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is remote, requiring the ability to invoke pkcs11-tool over a network. Exploit complexity is high and exploitability is difficult, yet published proof‑of‑concept code exists, suggesting that skilled adversaries could attempt the exploit. Overall risk remains low but should be mitigated promptly.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

OpenSC

affected

Version	Status	Constraints
`0.26.0`	affected	—
`0.26.1`	affected	—

No data.

Vendor Product Confidence Versions

Opensc

95%

Version	Status	Scheme	Platform
`0.26.0`	affected	semver	—
`0.26.1`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the patch from commit 814f745b3b6d100295f65f1935edd33d520d33ab or upgrade to OpenSC 0.26.2 or later, which includes the fix.
Limit network exposure of the pkcs11-tool service by firewalling or binding it to trusted interfaces only.
Monitor system logs for abnormal pkcs11-tool activity and watch for crashes or buffer overrun patterns.

Generated by OpenCVE AI on June 1, 2026 at 18:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity High

Privileges Required None

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://github.com/OpenSC/OpenSC/
https://github.com/OpenSC/OpenSC/commit/814f745b3b6d100295f65f1935edd33d520d33ab
https://github.com/OpenSC/OpenSC/issues/3682
https://github.com/OpenSC/OpenSC/pull/3684
https://pan.baidu.com/s/1nrZPKDz2eAcCpsaFiIRlrg
https://vuldb.com/cve/CVE-2026-10275
https://vuldb.com/submit/825403
https://vuldb.com/vuln/367568
https://vuldb.com/vuln/367568/cti

History

Mon, 01 Jun 2026 17:00:00 +0000

Type	Values Removed	Values Added
Description		A flaw has been found in OpenSC up to 0.26.1. This affects the function test_kpgen_certwrite of the file src/tools/pkcs11-tool.c of the component pkcs11-tool Key Generation Module. This manipulation causes buffer overflow. The attack is possible to be carried out remotely. The complexity of an attack is rather high. It is indicated that the exploitability is difficult. The exploit has been published and may be used. Patch name: 814f745b3b6d100295f65f1935edd33d520d33ab. It is recommended to apply a patch to fix this issue.
Title		OpenSC pkcs11-tool Key Generation pkcs11-tool.c test_kpgen_certwrite buffer overflow
First Time appeared		Opensc Opensc opensc
Weaknesses		CWE-119 CWE-120
CPEs		cpe:2.3:a:opensc:opensc::::::::
Vendors & Products		Opensc Opensc opensc
References		https://github.com/OpenSC/OpenSC/ https://github.com/OpenSC/OpenSC/commit/814f745b3b6d100295f65f1935edd33d520d33ab https://github.com/OpenSC/OpenSC/issues/3682 https://github.com/OpenSC/OpenSC/pull/3684 https://pan.baidu.com/s/1nrZPKDz2eAcCpsaFiIRlrg https://vuldb.com/cve/CVE-2026-10275 https://vuldb.com/submit/825403 https://vuldb.com/vuln/367568 https://vuldb.com/vuln/367568/cti
Metrics		cvssV2_0 `{'score': 5.1, 'vector': 'AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C'}` cvssV3_0 `{'score': 5, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}` cvssV3_1 `{'score': 5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}` cvssV4_0 `{'score': 2.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Opensc Opensc

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-06-01T16:45:14.476Z

Updated: 2026-06-01T19:31:20.646Z

Reserved: 2026-05-31T16:00:08.522Z

Link: CVE-2026-10275

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2026-06-01T17:16:44.247

Modified: 2026-06-01T17:57:16.380

Link: CVE-2026-10275

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-01T18:30:06Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required None

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object