Red Hat Security Advisory: opencryptoki security update
A moderate severity vulnerability (CVE-2026-40253) affects the opencryptoki packages used in Red Hat Enterprise Linux 8. The issue involves information disclosure and denial of service caused by malformed BER-encoded cryptographic objects. The opencryptoki package implements version 2.11 of the PKCS#11 API for IBM cryptographic hardware and software tokens. Red Hat has released an update to address this vulnerability in opencryptoki version 3.22.0-3.el8_10.3. The advisory covers multiple Red Hat Enterprise Linux 8 variants and CodeReady Linux Builder products. No CVSS score is provided, but the vendor rates the impact as moderate.
AI Analysis
Technical Summary
The opencryptoki packages in Red Hat Enterprise Linux 8 implement the PKCS#11 API version 2.11 for IBM cryptographic hardware and software tokens. A vulnerability identified as CVE-2026-40253 allows information disclosure and denial of service through malformed BER-encoded cryptographic objects. The issue affects the Slot Daemon (pkcsslotd) and related utilities. Red Hat has issued a security update (opencryptoki-3.22.0-3.el8_10.3) to fix this vulnerability. The advisory applies to multiple architectures and product variants of Red Hat Enterprise Linux 8 and CodeReady Linux Builder. The vendor rates the security impact as moderate and provides guidance for applying the update.
Potential Impact
Successful exploitation of CVE-2026-40253 could lead to information disclosure and denial of service conditions in systems using the opencryptoki package. This affects cryptographic operations involving IBM cryptographic hardware or software tokens that process BER-encoded cryptographic objects. The impact is rated moderate by Red Hat Product Security. There are no known exploits in the wild at this time.
Mitigation Recommendations
Red Hat has released an official security update for opencryptoki (version 3.22.0-3.el8_10.3) that addresses this vulnerability. Users of affected Red Hat Enterprise Linux 8 and CodeReady Linux Builder products should apply the update as described in the Red Hat advisory (https://access.redhat.com/articles/11258). No additional mitigation steps are indicated beyond applying the official patch.
Red Hat Security Advisory: opencryptoki security update
Description
A moderate severity vulnerability (CVE-2026-40253) affects the opencryptoki packages used in Red Hat Enterprise Linux 8. The issue involves information disclosure and denial of service caused by malformed BER-encoded cryptographic objects. The opencryptoki package implements version 2.11 of the PKCS#11 API for IBM cryptographic hardware and software tokens. Red Hat has released an update to address this vulnerability in opencryptoki version 3.22.0-3.el8_10.3. The advisory covers multiple Red Hat Enterprise Linux 8 variants and CodeReady Linux Builder products. No CVSS score is provided, but the vendor rates the impact as moderate.
Affected software
pkg:rpm/redhat/opencryptokiRun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The opencryptoki packages in Red Hat Enterprise Linux 8 implement the PKCS#11 API version 2.11 for IBM cryptographic hardware and software tokens. A vulnerability identified as CVE-2026-40253 allows information disclosure and denial of service through malformed BER-encoded cryptographic objects. The issue affects the Slot Daemon (pkcsslotd) and related utilities. Red Hat has issued a security update (opencryptoki-3.22.0-3.el8_10.3) to fix this vulnerability. The advisory applies to multiple architectures and product variants of Red Hat Enterprise Linux 8 and CodeReady Linux Builder. The vendor rates the security impact as moderate and provides guidance for applying the update.
Potential Impact
Successful exploitation of CVE-2026-40253 could lead to information disclosure and denial of service conditions in systems using the opencryptoki package. This affects cryptographic operations involving IBM cryptographic hardware or software tokens that process BER-encoded cryptographic objects. The impact is rated moderate by Red Hat Product Security. There are no known exploits in the wild at this time.
Mitigation Recommendations
Red Hat has released an official security update for opencryptoki (version 3.22.0-3.el8_10.3) that addresses this vulnerability. Users of affected Red Hat Enterprise Linux 8 and CodeReady Linux Builder products should apply the update as described in the Red Hat advisory (https://access.redhat.com/articles/11258). No additional mitigation steps are indicated beyond applying the official patch.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2026:26352
- Cve Count
- 1
- Additional Cves
- []
- Cvss Version
- null
Threat ID: 6a32705d0b89be68881d4a87
Added to database: 6/17/2026, 10:01:01 AM
Last enriched: 6/17/2026, 10:06:11 AM
Last updated: 6/17/2026, 12:03:35 PM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.