diff --git a/0025-cms-stdin2.patch b/0025-cms-stdin2.patch
new file mode 100644
index 0000000..6a76025
--- /dev/null
+++ b/0025-cms-stdin2.patch
@@ -0,0 +1,70 @@
+From 9bdf6bb619543248c1bee1d8207b455c1ee40ab6 Mon Sep 17 00:00:00 2001
+From: Dmitry Belyavskiy <beldmit@gmail.com>
+Date: Fri, 20 Aug 2021 16:45:15 +0200
+Subject: [PATCH] Get rid of warn_binary
+
+Current implementation of warn_binary introduces a regression
+when the content is passed in /dev/stdin as an explicit file name
+and reads the file to be processed twice otherwise.
+
+I suggest to reimplement this functionality after 3.0 if necessary.
+
+Fixes #16359
+---
+ apps/cms.c | 29 -----------------------------
+ 1 file changed, 29 deletions(-)
+
+diff --git a/apps/cms.c b/apps/cms.c
+index c22027e3b198..b30273f1710d 100644
+--- a/apps/cms.c
++++ b/apps/cms.c
+@@ -272,31 +272,6 @@ static CMS_ContentInfo *load_content_info(int informat, BIO *in, int flags,
+     return NULL;
+ }
+ 
+-static void warn_binary(const char *file)
+-{
+-    BIO *bio;
+-    unsigned char linebuf[1024], *cur, *end;
+-    int len;
+-
+-    if (file == NULL)
+-        return; /* cannot give a warning for stdin input */
+-    if ((bio = bio_open_default(file, 'r', FORMAT_BINARY)) == NULL)
+-        return; /* cannot give a proper warning since there is an error */
+-    while ((len = BIO_read(bio, linebuf, sizeof(linebuf))) > 0) {
+-        end = linebuf + len;
+-        for (cur = linebuf; cur < end; cur++) {
+-            if (*cur == '\0' || *cur >= 0x80) {
+-                BIO_printf(bio_err, "Warning: input file '%s' contains %s"
+-                           " character; better use -binary option\n",
+-                           file, *cur == '\0' ? "NUL" : "8-bit");
+-                goto end;
+-            }
+-        }
+-    }
+- end:
+-    BIO_free(bio);
+-}
+-
+ int cms_main(int argc, char **argv)
+ {
+     CONF *conf = NULL;
+@@ -911,8 +886,6 @@ int cms_main(int argc, char **argv)
+             goto end;
+     }
+ 
+-    if ((flags & CMS_BINARY) == 0)
+-        warn_binary(infile);
+     in = bio_open_default(infile, 'r',
+                           binary_files ? FORMAT_BINARY : informat);
+     if (in == NULL)
+@@ -924,8 +897,6 @@ int cms_main(int argc, char **argv)
+             goto end;
+         if (contfile != NULL) {
+             BIO_free(indata);
+-            if ((flags & CMS_BINARY) == 0)
+-                warn_binary(contfile);
+             if ((indata = BIO_new_file(contfile, "rb")) == NULL) {
+                 BIO_printf(bio_err, "Can't read content file %s\n", contfile);
+                 goto end;
diff --git a/openssl.spec b/openssl.spec
index 6d1bc37..e5b2110 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -15,7 +15,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 3.0.0
-Release: 0.beta2.5%{?dist}
+Release: 0.beta2.6%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@@ -64,6 +64,8 @@ Patch22: 0022-fix-openssl-req-password.patch
 Patch23: 0023-cms-stdin.patch
 # Instructions to load legacy provider in openssl.cnf
 Patch24: 0024-load-legacy-prov.patch
+# cms: don't read /dev/stdin twice
+Patch25: 0025-cms-stdin2.patch
 
 License: ASL 2.0
 URL: http://www.openssl.org/
@@ -386,6 +388,10 @@ install -m644 %{SOURCE9} \
 %ldconfig_scriptlets libs
 
 %changelog
+* Mon Aug 23 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.0-0.beta2.6
+- Correctly process CMS reading from /dev/stdin
+- Resolves: rhbz#1986315
+
 * Mon Aug 16 2021 Sahana Prasad <sahana@redhat.com> - 3.0.0-0.beta2.5
 - Add instruction for loading legacy provider in openssl.cnf
 - Resolves: rhbz#1975836