Skip to content
Threat Feed
high advisory

vcpkg OpenSSL Windows Build Path Vulnerability (CVE-2026-34054)

A vulnerability exists in vcpkg versions prior to 3.6.1#3, where Windows builds of OpenSSL set openssldir to a path on the build machine, making that path vulnerable to attack on customer machines.

The vcpkg is a free and open-source C/C++ package manager. Prior to version 3.6.1#3, vcpkg’s Windows builds of OpenSSL configured the openssldir setting to a path specific to the build machine. This configuration error means that when the built OpenSSL binaries are deployed to customer machines, the openssldir value still points to a location on the original build system. This creates a vulnerability, because attackers could potentially manipulate or replace files in this directory on the…

Detection coverage 2

Detect OpenSSL loading from non-standard path

medium

Detects when OpenSSL libraries are loaded from a non-standard path, which might indicate exploitation of CVE-2026-34054

sigma tactics: defense_evasion techniques: T1027 sources: image_load, windows

Detect modification of OpenSSL config directory

high

Detects modification events within the OpenSSL configuration directory, potentially indicating malicious activity related to CVE-2026-34054.

sigma tactics: persistence techniques: T1547.001 sources: file_event, windows

Detection queries are kept inside the platform. Get full rules →