A critical heap use-after-free vulnerability (CVE-2026-45447) has been discovered in OpenSSL's PKCS7_verify() function, affecting multiple versions including 3.x and 4.0. The vulnerability could allow attackers to cause denial of service or potentially execute arbitrary code by exploiting the heap corruption. Users are advised to update to the latest patched versions immediately.
Background
OpenSSL is a widely used open-source implementation of the SSL and TLS protocols, providing the cryptographic functions that secure a large portion of internet traffic. Security vulnerabilities in OpenSSL can have far-reaching consequences because of its widespread adoption in web servers, email servers, and other critical infrastructure.
- Source: Lobsters
- Published: Jun 10, 2026 at 09:08 AM
- Score: 8.0 / 10