OpenSC smartcard framework

by OpenSC Projectv0.26.1

Last updated Jun 8, 2026

Open Source smartcard driver for Windows

Install with winget

$ winget install --id OpenSC.OpenSC --exact --version 0.26.1

Run in Command Prompt, PowerShell, or Windows Terminal. Prompts for any agreements.

Silent install command for OpenSC smartcard framework

OpenSC smartcard framework uses MSI (WiX). The silent install switches are /quiet /norestart.

One-line silent install (x64, machine scope)

msiexec.exe /i OpenSC-0.26.1_win64.msi /quiet /norestart /norestart

See the full silent install reference for OpenSC smartcard framework →

Built by Pckgr

For Intune admins

Stop chasing app updates. Pckgr patches them for you.

Automated application patching for Microsoft Intune. Pckgr keeps a curated library of 1,000+ apps continuously up-to-date in your tenant via Microsoft Graph - no manual repackaging, no chasing vendor sites.

Start free 30-day trial

No credit card required.

About

OpenSC provides a set of libraries and utilities to work with smart cards. Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications such as authentication, mail encryption and digital signatures. OpenSC implements the standard APIs to smart cards, e.g. PKCS#11 API, Windows’ Smart Card Minidriver and macOS CryptoTokenKit.

Installers · v0.26.1

Architecture	Type	Scope	Install	Download
x86	MSI WiX	machine		Direct
x64	MSI WiX	machine		Direct

Copy a command tailored to that specific architecture, type, and scope - useful when winget would otherwise pick a different default.

Security

25 known CVEs via NVD

low3.8Fix in v0.27.0CVE-2026-40528affects before 0.27.0May 29, 2026
OpenSC before 0.27.0, fixed in commit 0358817, contains a stack and heap buffer overrun vulnerability in the do_key_value() function in src/pkcs15init/profile.c that allows attackers to corrupt memory by supplying a crafted profile configuration file. During pkcs15-init invocati...
Patch
low3.8Fix in v0.27.0CVE-2026-40510affects before 0.27.0May 29, 2026
OpenSC before 0.27.0-rc1, fixed in commit 3f24f0b, contains a stack buffer overflow vulnerability in piv_process_history() in src/libopensc/card-piv.c that allows physically present attackers to trigger memory corruption by presenting a crafted PIV smart card or USB device retur...
Patch
low3.8Fix in v0.27.0CVE-2025-66215affects before 0.27.0Mar 30, 2026
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow WRITE in card-oberthur. The attack requires crafted USB device or...
Patch Vendor advisory
low3.9Fix in v0.27.0CVE-2025-66038affects before 0.27.0Mar 30, 2026
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, sc_compacttlv_find_tag searches a compact-TLV buffer for a given tag. In compact-TLV, a single byte encodes the tag (high nibble) and value length (low nibble). With a 1-byte buffer {0x0A}, the en...
Patch Vendor advisory
low3.9Fix in v0.27.0CVE-2025-66037affects before 0.27.0Mar 30, 2026
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzz_pkcs15_reader harness causes OpenSC to perform an out-of-bounds heap read in the X.509/SPKI handling path. Specifically, sc_pkcs15_pubkey_from_spki_fields() all...
Vendor advisory
low3.8Fix in v0.27.0CVE-2025-49010affects before 0.27.0Mar 30, 2026
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires crafted USB device or s...
Vendor advisory
low2.9Patched in wingetCVE-2024-8443Sep 10, 2024
A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bound rights, possibly resulting in a...
Vendor advisory
low3.9Patched in wingetCVE-2024-45620affects before 0.26.0Sep 3, 2024
A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be i...
Vendor advisory

Showing 8 of 25. Source: NVD, updated 3h ago. Patch status is best-effort: NVD's fix version is compared against the latest version in winget, but the two version formats don't always align. Confirm with the vendor advisory before treating any specific build as safe.

See a CVE that affects your fleet? Push the patched version to Intune in one click with Pckgr - automated patching is the only way to keep up.

Related apps

OpenSC smartcard framework LightOpenSC Project
OpenSC.OpenSC.Lightv0.26.1
Open Source smartcard driver for Windows
Proton VPNProton AG
Proton.ProtonVPNv4.4.1
High-speed Swiss VPN that safeguards your privacy.
W
WinLibs (POSIX threads, UCRT runtime)Brecht Sanders
BrechtSanders.WinLibs.POSIX.UCRTv16.1.0-14.0.0-r2
A standalone build of GCC and MinGW-w64 for Windows, with POSIX threading library and UCRT runtime library.
Sera AntivirusYash12007
Yash12007.SeraAntivirusv3.0.0
Minimal, calm antivirus with real-time safety score and built-in system tools.
Embarcadero Dev-C++Embarcadero Technologies Inc.
Embarcadero.Dev-C++v6.3
A fast, portable, simple, and free C/C++ IDE
Nessus AgentTenable, Inc.
Tenable.NessusAgentv11.2.0.20301
Nessus Agents give you visibility into additional IT assets - even endpoints, and other remote assets that intermittently connect to the internet.

More from OpenSC Project or browse c, minidriver, opensc.

Frequently asked questions

How do I install OpenSC smartcard framework on Windows?

Open Windows Terminal, PowerShell, or Command Prompt and run: winget install --id OpenSC.OpenSC --exact --version 0.26.1. winget downloads the installer from OpenSC Project and runs it. Requires Windows 10 (1809+) or Windows 11.

How do I install OpenSC smartcard framework silently for unattended deployment?

Add --silent and accept the agreements upfront: winget install --id OpenSC.OpenSC --exact 0.26.1 --silent --accept-package-agreements --accept-source-agreements. This is the variant Intune, Configuration Manager, and other deployment tools should use.

What are the silent install switches for OpenSC smartcard framework?

OpenSC smartcard framework uses MSI (WiX). Run the downloaded installer with: msiexec.exe /i OpenSC-0.26.1_win64.msi /quiet /norestart /norestart. The silent switches are /quiet /norestart.

How do I uninstall OpenSC smartcard framework via winget?

Run: winget uninstall --id OpenSC.OpenSC --exact. Add --silent for unattended uninstalls. winget will use the registered uninstaller from OpenSC smartcard framework's Apps & Features entry.

Is OpenSC smartcard framework free?

OpenSC smartcard framework is distributed under LGPL-2.1. Refer to the publisher (https://github.com/OpenSC/OpenSC/releases) for the full license terms - Wingetly itself does not charge for installation.

Does OpenSC smartcard framework work on Windows 10?

Yes, as long as your Windows 10 build supports winget (1809 or newer). winget ships with App Installer on Windows 10/11 and pulls OpenSC smartcard framework directly from the publisher.

How do I keep OpenSC smartcard framework up to date?

Run winget upgrade --id OpenSC.OpenSC --exact, or winget upgrade --all to update everything winget tracks. We index 2 versions of OpenSC smartcard framework from microsoft/winget-pkgs.

Recent versions

0.26.1latest
0.23.0.0