
OpenSSL EUVD-2026-35489

CVE-2026-45445 HIGH
Missing Cryptographic Step (CWE-325)
CVSS 3.1 (Vendor): 7.5

Severity by source

Vendor (CNA), primary: 7.5 HIGH, AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
SUSE: 6.5 MEDIUM, AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Red Hat: 9.1 MEDIUM, qualitative

Primary rating from Vendor (CNA).

CVSS Vector (Vendor)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Lifecycle Timeline

5 events:
Jun 09, 2026 - 20:23 (vuln.today): Source Code Evidence Fetched
Jun 09, 2026 - 20:23 (vuln.today): Analysis Generated
Jun 09, 2026 - 20:22 (NVD): CVSS changed, 7.5 (HIGH)
Jun 09, 2026 - 11:43 (nvd): CVE Published, UNKNOWN (no severity yet)
Jun 09, 2026 - 11:43 (nvd): CVE Published, HIGH 7.5

Description PRE-NVD

Disclosed via GitHub release of openssl/openssl. NVD scoring and full description are pending.

Analysis (AI)

Confidentiality break in OpenSSL's AES-OCB implementation stems from the EVP_Cipher() code path ignoring the caller-supplied initialization vector (IV), causing the cipher to operate with a fixed/default IV instead. Affected branches include 3.0.x prior to 3.0.21, 3.4.x prior to 3.4.6, 3.5.x prior to 3.5.7, 3.6.x prior to 3.6.3, and 4.0.0, fixed in OpenSSL 4.0.1 and corresponding maintenance releases. …


Attack Chain (AI, derived)

Hypothetical attack flow derived from CVE metadata

Access: Identify target using AES-OCB via EVP_Cipher()
Delivery: Capture ciphertext stream over network
Exploit: Collect multiple OCB encryptions under same key
Execution: Exploit fixed-IV nonce reuse
Persist: Recover plaintext XOR and forge tags
Impact: Disclose sensitive encrypted data

Vulnerability Assessment (AI)

Exploitation: The victim application must use OpenSSL's AES-OCB cipher (e.g., EVP_aes_128_ocb, EVP_aes_192_ocb, EVP_aes_256_ocb) and must drive encryption through the EVP_Cipher() dispatch entry point rather than the EVP_EncryptUpdate/EVP_EncryptFinal_ex sequence. Applications using only AES-GCM, ChaCha20-Poly1305, or other AEAD modes are not affected, and applications that use AES-OCB through the standard EVP_EncryptUpdate path are not affected. …

Risk Assessment: The CVSS 7.5 vector (AV:N/AC:L/PR:N/UI:N/C:H/I:N/A:N) reflects a remote, unauthenticated confidentiality-only impact, which is consistent with a cryptographic flaw where a network-observing attacker can extract plaintext from ciphertext produced by a misuse-vulnerable peer. …

Exploit Scenario: An attacker who can observe TLS-adjacent or application-layer ciphertext produced by a service that encrypts messages with AES-OCB via the EVP_Cipher() path collects two or more ciphertexts encrypted under the same key. Because the IV is silently fixed, the OCB nonce-reuse condition is triggered and the attacker recovers the XOR of plaintexts, with further interactions enabling full plaintext recovery and forgery. No public exploit identified at time of analysis, but the cryptographic technique (OCB nonce-reuse) is well-documented in academic literature and would be straightforward for a competent adversary to weaponize against a known-vulnerable target.

Remediation: Vendor-released patch: OpenSSL 4.0.1, 3.6.3, 3.5.7, 3.4.6, and 3.0.21. Upgrade to the appropriate fixed release per your maintained branch as documented at https://github.com/openssl/openssl/releases/tag/openssl-4.0.1 and https://openssl-library.org/news/secadv/20260609.txt, and consume the distribution update where applicable (e.g., Ubuntu USN-8414-1 at https://ubuntu.com/security/notices/USN-8414-1). …

Recommended Action (AI)

Within 24 hours: Identify all systems and applications using OpenSSL versions 3.0.x, 3.4.x, 3.5.x, 3.6.x, or 4.0.0. …
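For the inventory step above, a version triage sketch added here as an example; it is not code from vuln.today or the OpenSSL project. The function names, status labels and sample inventory are assumptions made for illustration, and the fixed versions are the ones listed on this page.

```python
import re

# Fixed release per affected branch, taken from the version list on this page.
FIXED_PATCH = {(3, 0): 21, (3, 4): 6, (3, 5): 7, (3, 6): 3, (4, 0): 1}

# Matches "OpenSSL 3.5.6" and "OpenSSL 3.5.7-dev" inside `openssl version` output.
_BANNER = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.]+))?")


def classify(banner: str) -> str:
    """Return affected / fixed / review / unlisted / unparsed for one banner."""
    m = _BANNER.search(banner)
    if m is None:
        return "unparsed"
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None:
        # Branch not named on the page (for example 1.1.1 or 3.3): no verdict here.
        return "unlisted"
    if patch < fixed:
        return "affected"
    if patch == fixed and m.group(4):
        # A pre-release build of the fixed version may predate the fix.
        return "review"
    return "fixed"


def triage(inventory: dict) -> dict:
    """Map host -> status for a {host: banner} inventory."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed sample inventory: host names and banners are made up.
SAMPLE = {
    "web-01": "OpenSSL 3.0.13 30 Jan 2024 (Library: OpenSSL 3.0.13 30 Jan 2024)",
    "api-02": "OpenSSL 3.5.7",
    "edge-03": "OpenSSL 4.0.0",
    "build-04": "OpenSSL 3.6.3-dev",
    "legacy-05": "OpenSSL 1.1.1w  11 Sep 2023",
    "bsd-06": "LibreSSL 3.8.2",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:10} {status}")
```

Distribution packages often backport fixes without changing the upstream version string, so an "affected" result on a distro build should be confirmed against the vendor advisory. A version match also says nothing about whether the application drives AES-OCB through EVP_Cipher().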


Vendor Status (Vendor)

SUSE

Severity: Moderate
Product Status:
SUSE Linux Enterprise Module for Basesystem 15 SP7: Affected
SUSE Linux Enterprise Server 15 SP7: Affected
SUSE Linux Enterprise Desktop 15 SP7: Affected
SUSE Linux Enterprise Server for SAP Applications 15 SP7: Affected
SUSE Linux Enterprise High Performance Computing 15 SP7: Affected
