8.8
HIGH CVSS 3.1
CVE-2026-45447
Heap Use-After-Free in the PKCS7_verify() Function
Description

Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS#7 or S/MIME signed message, if the SignedData digestAlgorithms field is present as an empty ASN.1 SET, OpenSSL may incorrectly free a caller-owned BIO during PKCS7_verify(). A subsequent use of the BIO by the calling application results in a use-after-free condition. In the common case this occurs when the application later calls BIO_free() on the BIO originally passed to PKCS7_verify(). Depending on allocator behavior and application-specific BIO usage patterns, this may result in a crash or other memory corruption. In some application contexts this may potentially be exploitable for remote code execution. Applications that process PKCS#7 or S/MIME signed messages using OpenSSL PKCS#7 APIs may be affected. Applications using the CMS APIs for this processing are not affected. The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.
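The trigger shape named above (a SignedData whose digestAlgorithms field is an empty ASN.1 SET) can be screened for before a message is handed to PKCS7_verify() on a build that has not yet been updated. The following is an added example, not OpenSSL's code and not part of this advisory: a dependency-free Python DER walker that inspects only the outer layout of a PKCS#7 ContentInfo; it assumes DER input (an S/MIME body would need base64-decoding first) and builds its own constructed sample messages, which carry no real signature.

```python
SIGNED_DATA_OID = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2 signedData
DATA_OID = bytes.fromhex("2a864886f70d010701")         # 1.2.840.113549.1.7.1 data


def read_tlv(buf, pos):
    """Decode one DER TLV at pos; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length, up to 4 length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("TLV value overruns buffer")
    return tag, pos, pos + length


def expect(buf, pos, wanted):
    tag, start, end = read_tlv(buf, pos)
    if tag != wanted:
        raise ValueError(f"expected tag {wanted:#x}, got {tag:#x}")
    return start, end


def has_empty_digest_algorithms(der):
    """True if der is PKCS#7 signedData whose digestAlgorithms SET is empty."""
    ci_start, _ = expect(der, 0, 0x30)              # ContentInfo SEQUENCE
    tag, oid_s, oid_e = read_tlv(der, ci_start)     # contentType OID
    if tag != 0x06 or der[oid_s:oid_e] != SIGNED_DATA_OID:
        return False                                # not signedData: out of scope
    ctx_start, _ = expect(der, oid_e, 0xA0)         # content [0] EXPLICIT
    sd_start, _ = expect(der, ctx_start, 0x30)      # SignedData SEQUENCE
    _, ver_end = expect(der, sd_start, 0x02)        # version INTEGER
    set_s, set_e = expect(der, ver_end, 0x31)       # digestAlgorithms SET
    return set_e == set_s


def tlv(tag, body):  # tiny DER encoder, only for the constructed samples below
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def make_signed_data(digest_algs):
    """Constructed SignedData skeleton (no real signature): outer layout only."""
    body = tlv(0x02, b"\x01") + tlv(0x31, digest_algs) + tlv(0x30, tlv(0x06, DATA_OID)) + tlv(0x31, b"")
    return tlv(0x30, tlv(0x06, SIGNED_DATA_OID) + tlv(0xA0, tlv(0x30, body)))


SHA256_ALGID = tlv(0x30, tlv(0x06, bytes.fromhex("608648016503040201")) + tlv(0x05, b""))
EMPTY_SET_MSG = make_signed_data(b"")           # constructed: the advisory's trigger shape
NORMAL_MSG = make_signed_data(SHA256_ALGID)     # constructed: ordinary one-digest message
```

A message for which the check returns True can be rejected or logged at the application boundary; the check is a stopgap and does not replace updating OpenSSL.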

INFO

Published Date: June 9, 2026, 5:17 p.m.

Last Modified: June 16, 2026, 2:56 a.m.

Remotely Exploitable: Yes
Affected Products

The following products are affected by the CVE-2026-45447 vulnerability. Although cvefeed.io is aware of the exact affected versions of these products, that information is not represented in the table below.

ID Vendor Product Action
1 Openssl openssl
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and display CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 CRITICAL 134c704f-9b21-4f2e-91b3-4a467353bcc0
CVSS 3.1 HIGH 134c704f-9b21-4f2e-91b3-4a467353bcc0
CVSS 3.1 HIGH 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Solution
Update OpenSSL to a version that addresses the use-after-free vulnerability during signature verification.
  • Update OpenSSL library to a patched version.
  • Verify affected applications use patched OpenSSL.
  • Avoid processing untrusted PKCS#7 or S/MIME messages.
  • Use CMS APIs for message processing if possible.
Public PoC/Exploit Available at Github

CVE-2026-45447 has 9 public PoCs/exploits available on GitHub. Go to the Public Exploits tab to see the list.

CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2026-45447 is associated with the following CWEs:

  • CWE-416: Use After Free

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2026-45447 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proofs-of-concept that have been published on GitHub (sorted by the most recently updated).

Hands-on DevSecOps demo: a hardened, multi-stage Docker build for a Flask app with a Trivy CI security gate, SBOM generation (Syft), Docker Scout scanning, digest-pinned base images, and documented CVE exceptions. Build fails on HIGH/CRITICAL vulns.

ci-cd container-security devops devsecops docker-scout flask github-actions image-hardening python sbom security-gate shift-left supply-chain-security syft trivy vulnerability-scanning

Python

Updated: 1 week ago
0 stars, 0 forks, 0 watchers
Born at: June 22, 2026, 9:12 p.m. This repo has also been linked to 3 different CVEs.

Tooling for generating and manipulating Software Bill of Materials (SBOMs) for OpenVox projects.

Ruby

Updated: 1 week, 2 days ago
0 stars, 1 fork, 1 watcher
Born at: June 22, 2026, 7:12 p.m. This repo has also been linked to 10 different CVEs.

None

Dockerfile HCL JavaScript HTML Python Shell

Updated: 6 days, 10 hours ago
0 stars, 0 forks, 0 watchers
Born at: June 22, 2026, 2:12 p.m. This repo has also been linked to 1 different CVE.

CVE-2026-45447

Shell

Updated: 2 weeks, 4 days ago
1 star, 0 forks, 0 watchers
Born at: June 13, 2026, 1:57 p.m. This repo has also been linked to 1 different CVE.

Demo app for DevSecOps pipeline

Java Dockerfile

Updated: 1 week, 3 days ago
0 stars, 0 forks, 0 watchers
Born at: June 10, 2026, 11:26 p.m. This repo has also been linked to 3 different CVEs.

Dockerized Python automation tool that converts Grype vulnerability scan results into Excel reports.

Dockerfile Python

Updated: 2 weeks, 6 days ago
0 stars, 0 forks, 0 watchers
Born at: June 5, 2026, 10:28 a.m. This repo has also been linked to 2 different CVEs.

RetailStore is an e-commerce platform

Dockerfile HTML TypeScript Python Go HCL Shell

Updated: 2 days, 3 hours ago
0 stars, 0 forks, 0 watchers
Born at: June 1, 2026, 3:26 p.m. This repo has also been linked to 7 different CVEs.

A variety of tech related news summarized regularly.

custom-elements gpt-4o html machine-learning progressive-web-app pwa web-components news-summarization

HTML Shell JavaScript

Updated: 3 weeks ago
2 stars, 2 forks, 2 watchers
Born at: Jan. 25, 2025, 1:42 a.m. This repo has also been linked to 1 different CVE.

All Public RunWhen Helm Charts - Managed by terraform

Shell Dockerfile Go Template

Updated: 1 week ago
1 star, 1 fork, 1 watcher
Born at: Sept. 18, 2023, 10:09 a.m. This repo has also been linked to 111 different CVEs.

Results are limited to the first 15 repositories due to potential performance issues.

The following list contains news articles that mention the CVE-2026-45447 vulnerability anywhere in the article.

  • security.nl
OpenSSL flaw found with AI could possibly lead to remote code execution

A security researcher has used AI to find a vulnerability in OpenSSL that in certain cases could possibly lead to remote code execution, the development team reports. Er zi ... Read more

Published Date: Jun 10, 2026 (3 weeks ago)

The following table lists the changes that have been made to the CVE-2026-45447 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Jun. 16, 2026

    Action Type Old Value New Value
    Added CPE Configuration OR
      *cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from (including) 1.0.2 up to (excluding) 1.0.2zq
      *cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from (including) 1.1.1 up to (excluding) 1.1.1zh
      *cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from (including) 3.0.0 up to (excluding) 3.0.21
      *cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from (including) 3.4.0 up to (excluding) 3.4.6
      *cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from (including) 3.5.0 up to (excluding) 3.5.7
      *cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from (including) 3.6.0 up to (excluding) 3.6.3
      *cpe:2.3:a:openssl:openssl:4.0.0:-:*:*:*:*:*:*
    Added Reference Type OpenSSL Software Foundation: https://github.com/openssl/openssl/commit/3aad5eb7af4de4ee0633c30a8541a54d9bbde63c Types: Patch
    Added Reference Type OpenSSL Software Foundation: https://github.com/openssl/openssl/commit/7d4a980c62258c5910cc883936e0c8dbab4d75a8 Types: Patch
    Added Reference Type OpenSSL Software Foundation: https://github.com/openssl/openssl/commit/9dfd688ad2290fc5075cacbc9bf0c9a93eefed54 Types: Patch
    Added Reference Type OpenSSL Software Foundation: https://github.com/openssl/openssl/commit/a541ae8bfe849a30cc885e8780715c0f488e496c Types: Patch
    Added Reference Type OpenSSL Software Foundation: https://github.com/openssl/openssl/commit/c505d7559da5d5f9f2c3913c6883a5562ce7273e Types: Patch
    Added Reference Type OpenSSL Software Foundation: https://openssl-library.org/news/secadv/20260609.txt Types: Vendor Advisory
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Jun. 10, 2026

    Action Type Old Value New Value
    Added CVSS V3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    Removed CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE Modified by [email protected]

    Jun. 10, 2026

    Action Type Old Value New Value
    Added Reference https://github.com/openssl/openssl/commit/3aad5eb7af4de4ee0633c30a8541a54d9bbde63c
    Added Reference https://github.com/openssl/openssl/commit/7d4a980c62258c5910cc883936e0c8dbab4d75a8
    Added Reference https://github.com/openssl/openssl/commit/9dfd688ad2290fc5075cacbc9bf0c9a93eefed54
    Added Reference https://github.com/openssl/openssl/commit/a541ae8bfe849a30cc885e8780715c0f488e496c
    Added Reference https://github.com/openssl/openssl/commit/c505d7559da5d5f9f2c3913c6883a5562ce7273e
    Removed Reference https://github.com/openssl/security/commit/3aad5eb7af4de4ee0633c30a8541a54d9bbde63c
    Removed Reference https://github.com/openssl/security/commit/7d4a980c62258c5910cc883936e0c8dbab4d75a8
    Removed Reference https://github.com/openssl/security/commit/9dfd688ad2290fc5075cacbc9bf0c9a93eefed54
    Removed Reference https://github.com/openssl/security/commit/a541ae8bfe849a30cc885e8780715c0f488e496c
    Removed Reference https://github.com/openssl/security/commit/c505d7559da5d5f9f2c3913c6883a5562ce7273e
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Jun. 09, 2026

    Action Type Old Value New Value
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • New CVE Received by [email protected]

    Jun. 09, 2026

    Action Type Old Value New Value
    Added Description Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS#7 or S/MIME signed message, if the SignedData digestAlgorithms field is present as an empty ASN.1 SET, OpenSSL may incorrectly free a caller-owned BIO during PKCS7_verify(). A subsequent use of the BIO by the calling application results in a use-after-free condition. In the common case this occurs when the application later calls BIO_free() on the BIO originally passed to PKCS7_verify(). Depending on allocator behavior and application-specific BIO usage patterns, this may result in a crash or other memory corruption. In some application contexts this may potentially be exploitable for remote code execution. Applications that process PKCS#7 or S/MIME signed messages using OpenSSL PKCS#7 APIs may be affected. Applications using the CMS APIs for this processing are not affected. The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.
    Added CWE CWE-416
    Added Reference https://github.com/openssl/security/commit/3aad5eb7af4de4ee0633c30a8541a54d9bbde63c
    Added Reference https://github.com/openssl/security/commit/7d4a980c62258c5910cc883936e0c8dbab4d75a8
    Added Reference https://github.com/openssl/security/commit/9dfd688ad2290fc5075cacbc9bf0c9a93eefed54
    Added Reference https://github.com/openssl/security/commit/a541ae8bfe849a30cc885e8780715c0f488e496c
    Added Reference https://github.com/openssl/security/commit/c505d7559da5d5f9f2c3913c6883a5562ce7273e
    Added Reference https://openssl-library.org/news/secadv/20260609.txt
EPSS is a daily estimate of the probability that exploitation activity will be observed over the next 30 days. The following chart shows the EPSS score history of the vulnerability.