OpenSSL CVE-2026-45447
EUVD-2026-35491 · HIGH
Use After Free (CWE-416)
CVSS 3.1 (Vendor): 8.8

Severity by source

Vendor (CNA), primary: 8.8 HIGH, AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SUSE: 7.5 HIGH, AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Red Hat: 8.1 HIGH (qualitative)

Primary rating from Vendor (CNA).

CVSS Vector (Vendor)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline (10 events)

Jun 10, 2026 15:32 vuln.today: Analysis Updated, v3 (cvss_changed)
Jun 10, 2026 15:31 vuln.today: Analysis Updated, v2 (cvss_changed)
Jun 10, 2026 15:22 vuln.today: Re-analysis Queued (cvss_changed)
Jun 10, 2026 15:22 NVD: Severity Changed, CRITICAL -> HIGH
Jun 10, 2026 15:22 NVD: CVSS changed, 9.8 (CRITICAL) -> 8.8 (HIGH)
Jun 09, 2026 20:24 vuln.today: Source Code Evidence Fetched
Jun 09, 2026 20:24 vuln.today: Analysis Generated
Jun 09, 2026 20:22 NVD: CVSS changed, 9.8 (CRITICAL)
Jun 09, 2026 11:43 nvd: CVE Published, UNKNOWN (no severity yet)
Jun 09, 2026 11:43 nvd: CVE Published, CRITICAL 9.8

Description (pre-NVD)

Disclosed via GitHub release of openssl/openssl. NVD scoring and full description are pending.

Analysis (AI)

Heap use-after-free in OpenSSL's PKCS7_verify() function affects multiple supported branches (1.0.2, 1.1.1, 3.0.x, 3.4.x, 3.5.x, 3.6.x, and 4.0.0) and is fixed in OpenSSL 4.0.1. Authenticated remote attackers able to submit crafted PKCS#7 signed data to a vulnerable application can trigger memory corruption leading to high-impact compromise of confidentiality, integrity, and availability per CVSS 8.8. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Identify service invoking PKCS7_verify()
Delivery: Obtain low-privileged submission access
Exploit: Deliver crafted PKCS#7 SignedData
Execution: Trigger use-after-free during verification
Persist: Reclaim freed chunk with controlled data
Impact: Achieve code execution or info disclosure in service context

Vulnerability Assessment (AI)

Exploitation: The vulnerable code path requires the target application to invoke OpenSSL's PKCS7_verify() on attacker-influenced input, typically S/MIME mail verification, CMS SignedData processing in signing/PKI services, or code-signing pipelines. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment: Signals are mixed and warrant a measured rather than emergency response. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario: An attacker with low-privileged access to an application that calls PKCS7_verify() (for example, an authenticated user of a signing portal, a sender to an S/MIME-processing mail gateway, or a client of a CMS-based document service) submits a crafted PKCS#7 SignedData blob that triggers the use-after-free during verification. The freed heap chunk is then reclaimed via a second attacker-controlled allocation in the same process, enabling memory disclosure, denial of service, or, given a favorable heap layout, arbitrary code execution in the service context. …
Remediation: Apply the vendor-released patch by upgrading OpenSSL to 4.0.1 on the 4.x branch, or to the corresponding back-port for your branch: 3.6.3, 3.5.7, 3.4.6, 3.0.21, 1.1.1zh, or 1.0.2zq (see https://openssl-library.org/news/secadv/20260609.txt and the GitHub release at https://github.com/openssl/openssl/releases/tag/openssl-4.0.1). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended Action (AI)

24 hours: Inventory all systems and applications using OpenSSL versions 1.0.2, 1.1.1, 3.0.x, 3.4.x, 3.5.x, 3.6.x, or 4.0.0. …
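The inventory step above can be scripted against the fixed versions listed in the Remediation section. The following Python is an added example, not vuln.today's or the OpenSSL project's code; it assumes version strings are taken from `openssl version` output and encodes OpenSSL's 1.x letter-suffix ordering (a < ... < z < za < zb ...) alongside the numeric 3.x/4.x scheme.

```python
import re

# Fixed versions from this page's Remediation section (OpenSSL 4.0.1 plus branch back-ports).
FIXED_VERSIONS = ["4.0.1", "3.6.3", "3.5.7", "3.4.6", "3.0.21", "1.1.1zh", "1.0.2zq"]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]*)$")


def parse_version(text):
    """Turn an OpenSSL version string into a comparable tuple.

    1.0.2/1.1.1 releases carry a letter suffix ordered a < ... < z < za < zb ...,
    which is folded into an integer rank; 3.x/4.x versions are plain numeric triples.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised OpenSSL version: {text!r}")
    major, minor, patch = (int(x) for x in m.group(1, 2, 3))
    rank = sum(26 if c == "z" else ord(c) - ord("a") + 1 for c in m.group(4))
    return (major, minor, patch, rank)


def branch_of(version):
    """1.x branches are major.minor.patch (letters are releases); 3.x+ branches are major.minor."""
    major, minor, patch, _ = version
    return (major, minor, patch) if major < 3 else (major, minor)


FIXED_BY_BRANCH = {branch_of(parse_version(v)): parse_version(v) for v in FIXED_VERSIONS}


def assess(version_text):
    """Return 'fixed', 'affected', or 'unknown-branch' for an installed OpenSSL version."""
    version = parse_version(version_text)
    fixed = FIXED_BY_BRANCH.get(branch_of(version))
    if fixed is None:
        return "unknown-branch"  # branch not covered by the advisory's fixed-version list
    return "fixed" if version >= fixed else "affected"


def version_from_banner(banner):
    """Pull the version token out of `openssl version` output such as 'OpenSSL 3.0.20 ...'."""
    m = re.search(r"\bOpenSSL\s+(\d+\.\d+\.\d+[a-z]*)", banner)
    if not m:
        raise ValueError(f"no OpenSSL version in banner: {banner!r}")
    return m.group(1)


if __name__ == "__main__":
    # Constructed sample banners standing in for `openssl version` output gathered from hosts.
    for host, banner in [("web-1", "OpenSSL 3.0.20 3 Feb 2026"), ("mail-gw", "OpenSSL 1.1.1zh 9 Jun 2026"),
                         ("build-1", "OpenSSL 4.0.0 1 Apr 2026"), ("legacy", "OpenSSL 3.2.1 30 Jan 2024")]:
        print(f"{host:10} {banner:28} -> {assess(version_from_banner(banner))}")
```

Distribution packages such as those in the SUSE and Red Hat entries on this page often back-port fixes without changing the upstream version string, so for vendor packages check the package changelog rather than relying on this comparison alone.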


Vendor Status (Vendor)

SUSE

Severity: Important
Product Status:
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS: Affected
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS: Affected
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS: Affected
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS: Affected
SUSE Linux Enterprise Live Patching 15 SP4: Affected
