OpenSSL Security Updates – 10 June 2026

OpenSSL has released security updates to address several vulnerabilities affecting OpenSSL Software Services.

The addressed vulnerabilities could allow the attacker to perform denial-of-service attacks, bypass security restrictions, obtain sensitive information, gain elevated privileges, or execute arbitrary code on the affected system.

Sample of the addressed vulnerabilities:

1. OpenSSL Heap Use-After-Free in the PKCS7_verify() Function Vulnerability (CVE-2026-45447):

  • CVSS: 9.8
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Consequences: Denial of Service

2. OpenSSL Trust-Anchor Substitution via Cert/Issuer Typo in CMP rootCaKeyUpdate Vulnerability (CVE-2026-42769):

  • CVSS: 5.3
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: None
  • Consequences: Gain Privileges
Vulnerabilities
  • CVE-2026-34180
  • CVE-2026-34181
  • CVE-2026-34182
  • CVE-2026-34183
  • CVE-2026-35188
  • CVE-2026-42764
  • CVE-2026-42765
  • CVE-2026-42766
  • CVE-2026-42767
  • CVE-2026-42768
  • CVE-2026-42769
  • CVE-2026-42770
  • CVE-2026-42771
  • CVE-2026-45445
  • CVE-2026-45446
  • CVE-2026-45447
  • CVE-2026-7383
  • CVE-2026-9076
Mitigations

The enterprise should deploy this patch as soon as the testing phase is completed.

OpenSSL Security Updates

References