{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/vcpkg/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2026-34054"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["vulnerability","openssl","vcpkg","cwe-427","windows"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe vcpkg is a free and open-source C/C++ package manager. Prior to version 3.6.1#3, vcpkg\u0026rsquo;s Windows builds of OpenSSL configured the \u003ccode\u003eopenssldir\u003c/code\u003e setting to a path specific to the build machine. This configuration error means that when the built OpenSSL binaries are deployed to customer machines, the \u003ccode\u003eopenssldir\u003c/code\u003e value still points to a location on the original build system. This creates a vulnerability, because attackers could potentially manipulate or replace files in this directory on the…\u003c/p\u003e\n","date_modified":"2026-03-31T03:20:08Z","date_published":"2026-03-31T03:20:08Z","id":"/briefs/2026-04-vcpkg-openssl-path-vuln/","summary":"A vulnerability exists in vcpkg versions prior to 3.6.1#3, where Windows builds of OpenSSL set openssldir to a path on the build machine, making that path vulnerable to attack on customer machines.","title":"vcpkg OpenSSL Windows Build Path Vulnerability (CVE-2026-34054)","url":"https://feed.craftedsignal.io/briefs/2026-04-vcpkg-openssl-path-vuln/"}],"language":"en","title":"CraftedSignal Threat Feed — Vcpkg","version":"https://jsonfeed.org/version/1.1"}