VYPR
High severity7.8NVD Advisory· Published Mar 31, 2026· Updated Apr 1, 2026

CVE-2026-34054

CVE-2026-34054

Description

vcpkg is a free and open-source C/C++ package manager. Prior to version 3.6.1#3, vcpkg's Windows builds of OpenSSL set openssldir to a path on the build machine, making that path be attackable later on customer machines. This issue has been patched in version 3.6.1#3.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Microsoft/Vcpkgreferences2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <3.6.1#3

Patches

Vulnerability mechanics

References

3

News mentions

1