CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-6092

mediumCVSS 5.3covered by 2 sourcesfirst seen 2026-06-09
When HAVE_ENCRYPT_THEN_MAC is configured, the implementation could fall back to MAC-then-Encrypt rather than enforcing Encrypt-then-MAC.

CSIRTS triage

Other
What
The vulnerability could allow a fallback from Encrypt-then-MAC to MAC-then-Encrypt under certain configurations.
Who is affected
Systems configured with HAVE_ENCRYPT_THEN_MAC may be affected.
Urgency
Remediation is medium urgency due to the medium severity rating.
Action
Update configurations as necessary and apply patches when released.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-6092

Get an email if CVE-2026-6092 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (2)

External references

NVD record for CVE-2026-6092

CVE.org record

Embed the live status

CVE-2026-6092 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-6092 status](https://www.csirts.com/badge/CVE-2026-6092)](https://www.csirts.com/cve/CVE-2026-6092)