https://feed.craftedsignal.io/tags/cwe-427/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioTue, 31 Mar 2026 03:20:08 +0000https://feed.craftedsignal.io/briefs/2026-04-vcpkg-openssl-path-vuln/Tue, 31 Mar 2026 03:20:08 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-04-vcpkg-openssl-path-vuln/A vulnerability exists in vcpkg versions prior to 3.6.1#3, where Windows builds of OpenSSL set openssldir to a path on the build machine, making that path vulnerable to attack on customer machines.The vcpkg is a free and open-source C/C++ package manager. Prior to version 3.6.1#3, vcpkg’s Windows builds of OpenSSL configured the openssldir setting to a path specific to the build machine. This configuration error means that when the built OpenSSL binaries are deployed to customer machines, the openssldir value still points to a location on the original build system. This creates a vulnerability, because attackers could potentially manipulate or replace files in this directory on the…

]]>highadvisoryvulnerabilityopensslvcpkgcwe-427windows