OpenSSL released a batch of 16 security advisories addressing vulnerabilities across versions 1.0.2 through 4.0. The most severe is CVE-2026-45447, a HIGH severity heap use-after-free in the PKCS7_verify() function that may allow remote code execution via a specially crafted PKCS#7 or S/MIME signed message. The OpenSSL Project pre-announced the release, as its security policy requires for HIGH and CRITICAL issues.
CVE-2026-45447: Heap Use-After-Free in PKCS7_verify() with RCE Potential
CVE-2026-45447 exists in the PKCS7_verify() function, which applications call to verify the digital signature on a PKCS#7 SignedData structure, the format that S/MIME email signatures are built on. The vulnerability is a heap use-after-free: a heap allocation is freed while a pointer to it is still held, and the code later reads from or writes to the freed region through that pointer. Whether that turns into more than a crash depends on what the allocator has placed in the freed slot by the time it is touched; when an attacker can influence that, this class of flaw can corrupt memory in ways that lead to arbitrary code execution.
The OpenSSL Project’s advisory characterizes the outcome as memory corruption or possibly remote code execution, acknowledging that exploitability varies across application contexts, platforms and allocators. The practical severity for a given deployment therefore depends on how the application reaches PKCS7_verify() and on how much control an attacker’s input gives over the heap state at the point of the dangling dereference.
Thai Duong and Anthropic Research’s Joint Discovery of the PKCS#7 Flaw
CVE-2026-45447 was discovered by Thai Duong and Anthropic Research. Thai Duong is a veteran cryptographer previously at Google; he co-discovered the BEAST attack against TLS 1.0 and co-authored the POODLE attack against SSL 3.0. His joint authorship on this finding with researchers at Anthropic reflects an emerging pattern of AI research organizations contributing to traditional cryptographic security work, and hints at how AI-assisted vulnerability discovery may change the speed and scope of future security research.
S/MIME as the Delivery Vector for CVE-2026-45447
The attack surface for CVE-2026-45447 is any application that calls PKCS7_verify() on input it receives from an external source. Email clients and mail transfer agents that process S/MIME signed messages are the primary exposure category: an attacker crafts a malicious signed message and sends it to any recipient whose mail client or mail server uses OpenSSL to verify S/MIME signatures. Applications that verify PKCS#7 signatures in other contexts, such as document management platforms, code-signing verification pipelines and certificate processing tools, are also in scope if they accept attacker-controlled content, as are scripts that run the openssl smime -verify command over untrusted input, since that command is a thin wrapper around the same function.
The Remaining 15 CVEs: Moderate and Low Severity Findings
Beyond CVE-2026-45447, the June 9 batch includes three moderate-severity findings of particular note and a set of low-severity issues in ASN.1 parsing, PKCS#12 handling, OCSP processing, buffer overflows and NULL pointer dereferences. The OpenSSL Project confirmed that most of the vulnerabilities do not affect the OpenSSL FIPS modules, because the affected code lies outside the module boundary.
CVE-2026-34183: QUIC PATH_CHALLENGE Unbounded Memory Growth and Remote DoS
CVE-2026-34183 affects the QUIC protocol implementation within OpenSSL. A remote attacker can trigger unbounded memory growth through the PATH_CHALLENGE handler, causing the process to exhaust available memory and crash. QUIC is the transport layer underlying HTTP/3, and its deployment has expanded rapidly across CDN edges, load balancers and web servers. OpenSSL’s QUIC implementation first shipped in the 3.2 line, so older branches do not carry this code, but for builds that do, a denial-of-service path that requires no authentication and targets an internet-facing listener carries meaningful risk for high-traffic infrastructure.
CVE-2026-34182 and CVE-2026-45445: Key Forgery and AES-OCB Nonce Reuse
CVE-2026-34182 is an input validation failure in CMS AuthEnvelopedData processing that enables key-equivalent forgery: an attacker who can submit specially crafted CMS structures may produce authentication tags that verify even though they were not computed under the key that should bind them. CVE-2026-45445 addresses AES-OCB IV reuse on the deprecated EVP_Cipher() code path: applications using this older API may encrypt different messages under the same key and nonce, and OCB, like every nonce-based AEAD, gives no confidentiality or integrity guarantee once a nonce repeats under a key. Both findings affect specific usage patterns rather than OpenSSL’s cipher implementations in general; a code search for direct EVP_Cipher() calls with an OCB mode is the quick way to tell whether the second one applies to an application.
Patching OpenSSL Across Statically Linked and Embedded Deployments
OpenSSL’s deployment breadth creates a distribution problem that the patch release alone does not solve. Many environments use the dynamically linked libssl and libcrypto shipped by the operating system, and applying the OS package update resolves the exposure for every process that loads them (after a restart, since a running process keeps the old library mapped until it does). But a substantial number of applications bundle a statically linked copy of OpenSSL compiled into the application binary, which no system package update touches. Container images, IoT firmware, embedded systems, Rust applications built with a vendored openssl-sys, and Go programs that link OpenSSL through cgo often fall into this category; a pure-Go binary, by contrast, uses Go’s own crypto library and carries no OpenSSL copy to patch.
Organizations auditing their OpenSSL exposure should account for statically linked binaries specifically: a package query that reports OpenSSL as current says nothing about copies compiled into application binaries, and ldd lists only dynamic dependencies. Confirming remediation means scanning the executables themselves, both in running processes and in container and firmware filesystems, for the OpenSSL version banner that every build embeds, and treating any copy older than the fixed version for its branch as unpatched.
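The audit described in this section and the PKCS7_verify() attack-surface question raised earlier, as an added POSIX shell example that is not part of the advisory or of the OpenSSL project's own tooling. It relies on the version banner every OpenSSL build embeds (the string OpenSSL_version() returns, e.g. "OpenSSL 3.0.13 30 Jan 2024"), which survives static linking, and on the PKCS7_verify symbol name appearing in a binary's import table or unstripped code. The fixed version is an assumed caller-supplied input (take it from the advisory for the branch in use); the /proc layout is Linux-specific; both string checks are heuristics, since a stripped static binary can carry the code without the symbol name; and the sample binary the block builds is constructed for offline demonstration.

```shell
#!/bin/sh
# Added example: find OpenSSL copies that package-manager queries and ldd miss,
# and flag binaries that reference PKCS7_verify. Not OpenSSL project code.

# openssl_versions_in FILE: print each distinct OpenSSL version banner found in
# FILE's printable strings, one per line (e.g. "3.0.13", "1.1.1w", "1.0.2zh").
openssl_versions_in() {
  tr -c '[:print:]' '\n' < "$1" \
    | grep -o 'OpenSSL [0-9][0-9A-Za-z.]*' \
    | sed 's/^OpenSSL //' \
    | sort -u
}

# references_pkcs7_verify FILE: exit 0 when FILE contains the symbol name
# PKCS7_verify (dynamic import or unstripped static code). Heuristic only.
references_pkcs7_verify() {
  tr -c '[:print:]' '\n' < "$1" | grep -q 'PKCS7_verify'
}

# version_lt A B: exit 0 when dotted version A sorts before B. Numeric parts
# compare numerically; a 1.0.2-series letter suffix compares lexically once
# the numbers tie, so 1.0.2 < 1.0.2u < 1.0.2zh and 1.1.1w < 3.0.0.
version_lt() {
  a=$1; b=$2
  while [ -n "$a" ] || [ -n "$b" ]; do
    ac=${a%%.*}; bc=${b%%.*}
    case $a in *.*) a=${a#*.} ;; *) a='' ;; esac
    case $b in *.*) b=${b#*.} ;; *) b='' ;; esac
    an=$(printf '%s' "$ac" | sed 's/[^0-9].*$//'); as=${ac#"$an"}
    bn=$(printf '%s' "$bc" | sed 's/[^0-9].*$//'); bs=${bc#"$bn"}
    if [ "${an:-0}" -lt "${bn:-0}" ]; then return 0; fi
    if [ "${an:-0}" -gt "${bn:-0}" ]; then return 1; fi
    if [ "$as" != "$bs" ]; then
      first=$(printf '%s\n%s\n' "$as" "$bs" | LC_ALL=C sort | head -n 1)
      if [ "$first" = "$as" ]; then return 0; else return 1; fi
    fi
  done
  return 1
}

# report FILE FIXED: one line per OpenSSL copy found in FILE.
report() {
  f=$1; fixed=$2
  for v in $(openssl_versions_in "$f"); do
    status=current; version_lt "$v" "$fixed" && status=VULNERABLE
    p7=no; references_pkcs7_verify "$f" && p7=yes
    printf '%s %s OpenSSL %s PKCS7_verify=%s\n' "$status" "$f" "$v" "$p7"
  done
}

# scan_running_processes FIXED: check each process's executable (catches
# static links) and any mapped libcrypto (catches an old shared library still
# mapped after the package was updated). Needs rights to read /proc/PID/exe.
scan_running_processes() {
  for pid in /proc/[0-9]*; do
    exe=$(readlink "$pid/exe" 2>/dev/null) || continue
    libs=$(awk '/libcrypto/ {print $6}' "$pid/maps" 2>/dev/null | sort -u)
    for f in "$exe" $libs; do
      [ -r "$f" ] && report "$f" "$1" | sed "s/^/pid=${pid#/proc/} /"
    done
  done
}

# scan_tree ROOT FIXED: the same check over an unpacked container image or
# firmware root (e.g. an untarred `docker export`) without running anything.
scan_tree() {
  find "$1" -type f \( -perm -u+x -o -name '*.so*' \) 2>/dev/null |
  while IFS= read -r f; do report "$f" "$2"; done
}

# sample_binary: write a CONSTRUCTED fake binary (junk bytes around a banner
# and a PKCS7_verify import name) and print its path, for offline demos.
sample_binary() {
  f=$(mktemp)
  printf 'ELF\177\001\002junk\000PKCS7_verify\000OpenSSL 3.0.13 30 Jan 2024\000tail' > "$f"
  printf '%s\n' "$f"
}

# Demo run with an assumed fixed version of 3.0.14 (take the real value for
# each branch from the advisory):
#   f=$(sample_binary); report "$f" 3.0.14; rm -f "$f"
#   scan_running_processes 3.0.14
```

Because the banner is taken from the file on disk, a process whose shared libcrypto was replaced underneath it is reported from the new file; the /proc/PID/maps path for a deleted library shows a "(deleted)" suffix, which is itself the signal that the process still needs a restart.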
