DigiNews

Tech Watch by Johan Denoyer


CVE-2026-45447: Heap Use-After-Free in the PKCS7_verify() Function

Quality: 8/10 Relevance: 9/10

Summary

OpenSSL has disclosed CVE-2026-45447, a heap use-after-free vulnerability in PKCS7_verify() that can crash OpenSSL-based applications when they process crafted PKCS#7 or S/MIME messages. The issue is part of a broader set of 2026 advisories (released 9 Jun 2026) that also documents several other CVEs; it references OpenSSL 4.0.1 and later fixes and lists multiple affected major versions. Patch guidance and affected-version details are provided in the advisory, underscoring the need to update for SMBs, MSPs, and any service that uses OpenSSL to verify CMS/PKCS7 data.
