UNKNOWN

CVE-2026-34054

openssl on Windows built with openssldir set from the build machine (Uncontrolled Search Path Element)

Platform

windows

Component

vcpkg

Fixed in

3.6.1#3

vcpkg is a free and open-source C/C++ package manager. Prior to version 3.6.1#3, vcpkg's Windows builds of OpenSSL set openssldir to a path on the build machine, which leaves that path open to attack later on customer machines. This issue has been patched in version 3.6.1#3.

How to fix

Update vcpkg to version 3.6.1#3 or later. This corrects the incorrect openssldir configuration in Windows builds, preventing possible attacks on customer machines.
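
To check an already shipped Windows OpenSSL build for this class of problem, the added example below (not vcpkg or NextGuard code) parses the output of `openssl version -a` and reports compiled-in directories that lie outside locations assumed to be writable only by administrators. The trusted roots, function names and sample paths are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Assumption: roots that only administrators can write to on a default
# Windows install; adjust for the hosts being audited.
TRUSTED_ROOTS = [PureWindowsPath(p) for p in
                 (r"C:\Program Files", r"C:\Program Files (x86)", r"C:\Windows")]

# Lines such as: OPENSSLDIR: "C:\Program Files\Common Files\SSL"
DIR_LINE = re.compile(r'^(OPENSSLDIR|ENGINESDIR|MODULESDIR):\s*"(.*)"$')


def compiled_dirs(version_output):
    """Map each compiled-in directory name to its path."""
    dirs = {}
    for line in version_output.splitlines():
        match = DIR_LINE.match(line.strip())
        if match:
            dirs[match.group(1)] = PureWindowsPath(match.group(2))
    return dirs


def is_trusted(path):
    """True only for absolute paths, without '..', under a trusted root."""
    if not path.is_absolute() or ".." in path.parts:
        return False
    parts = [p.lower() for p in path.parts]  # Windows paths ignore case
    for root in TRUSTED_ROOTS:
        root_parts = [p.lower() for p in root.parts]
        if parts[:len(root_parts)] == root_parts:
            return True
    return False


def untrusted_dirs(version_output):
    """Return the compiled-in directories that fall outside TRUSTED_ROOTS."""
    return {name: str(path)
            for name, path in compiled_dirs(version_output).items()
            if not is_trusted(path)}


# Constructed sample of `openssl version -a` output; paths are illustrative.
SAMPLE = r'''OpenSSL (constructed sample output)
OPENSSLDIR: "D:\build\vcpkg\packages\openssl_x64-windows"
ENGINESDIR: "C:\Program Files\ExampleApp\engines-3"
MODULESDIR: "C:\Program Files\ExampleApp\ossl-modules"
'''

if __name__ == "__main__":
    for name, path in untrusted_dirs(SAMPLE).items():
        print(f"{name} points outside admin-only locations: {path}")
```

A reported directory is a prompt to inspect its ACLs on the target host, not proof of exploitability on its own.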
