Opencryptoki Project Opencryptoki — known CVE vulnerabilities
Every CVE whose affected-product data names Opencryptoki Project Opencryptoki, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2026-40253 — CVSS 6.8 (medium): openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. In versions 3.26.0 and below, the BER/DER decoding functions in…
CVE-2026-23893 — CVSS 6.8 (medium): openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to symlink-following when…
CVE-2026-22791 — CVSS 6.6 (medium): openCryptoki is a PKCS#11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap buffer overflow vulnerability in the…
CVE-2012-4455 — CVSS 6.2 (medium): openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1)…
CVE-2024-0914 — CVSS 5.9 (medium): A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts…
CVE-2021-3798 — CVSS 5.5 (medium): A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via…
CVE-2012-4454 — CVSS 2.9 (low): openCryptoki before 2.4.1, when using spinlocks, allows local users to create or set world-writable permissions on arbitrary files via a…