On June 9, 2026, OpenSSL disclosed CVE-2026-45447, a high-severity heap use-after-free vulnerability (CVSS 9.8) in the PKCS7_verify() function that allows remote code execution via specially crafted PKCS#7 or S/MIME signed messages. The vulnerability was discovered by a California researcher working in collaboration with Claude AI and Anthropic Research, marking a notable instance of AI-assisted vulnerability discovery in production cryptographic infrastructure.
The trigger is narrow and specific. When an application calls PKCS7_verify() on a digitally signed message whose SignedData digestAlgorithms field is encoded as an empty ASN.1 SET, OpenSSL incorrectly frees a BIO object (OpenSSL's input/output abstraction) that the calling application still owns. If the application later reuses or frees the same BIO, it hits a classic use-after-free condition: the freed memory can be read or written, potentially corrupting the heap and enabling arbitrary code execution, depending on the allocator’s behavior and how the BIO is managed.
The attack surface is email. S/MIME is the cryptographic format used for digitally signed email, and it is built on the PKCS#7 standard. Any email client, mail transfer agent, or other application that processes S/MIME signatures by calling the PKCS7_verify() API is exposed. An attacker crafts a malicious signed message and sends it to a victim, and the client’s signature-verification logic triggers the heap corruption when the message arrives. No user interaction is required beyond receiving the email.
Affected OpenSSL versions span from 1.0.2 and 1.1.1 through the current 4.0 branch. Patched releases are 4.0.1, 3.6.3, 3.5.7, 3.4.6, 3.0.21, 1.1.1zh (premium support), and 1.0.2zq (premium support). Organizations should upgrade immediately. The alternative, migrating applications from the legacy PKCS7_verify() API to the OpenSSL CMS APIs, provides code-level remediation but requires development effort. The involvement of AI in vulnerability discovery signals that future research timelines for cryptographic flaws may compress. OpenSSL is foundational. The remediation timeline must match the risk.
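For triage across a fleet, the patched-release list above can be turned into a version check. The following Python is an added example, not code from OpenSSL or from this article; the function names, the status labels, and the sample banner strings are constructed for illustration, and the ordering of 1.x letter suffixes (z before za) is an assumption.

```python
import re

# Patched release per branch, copied from the list in the paragraph above.
PATCHED = {
    (4, 0): "4.0.1",
    (3, 6): "3.6.3",
    (3, 5): "3.5.7",
    (3, 4): "3.4.6",
    (3, 0): "3.0.21",
    (1, 1, 1): "1.1.1zh",  # premium support
    (1, 0, 2): "1.0.2zq",  # premium support
}
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")

def parse(text):
    """Extract (major, minor, patch, letters) from a version or banner string."""
    m = _VERSION.search(text)
    if not m:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    return major, minor, patch, m.group(4)

def sort_key(version):
    major, minor, patch, letters = version
    # Assumed letter ordering: "" < a..z < za..zz, so compare length first.
    return (major, minor, patch, len(letters), letters)

def classify(text):
    """Return 'patched', 'vulnerable' or 'no-fix-listed' for one version string."""
    v = parse(text)
    # 1.x branches are named by three numbers, 3.x and later by two.
    branch = v[:3] if v[0] < 3 else v[:2]
    fixed = PATCHED.get(branch)
    if fixed is None:
        return "no-fix-listed"  # branch has no patched release in the list above
    return "patched" if sort_key(v) >= sort_key(parse(fixed)) else "vulnerable"

if __name__ == "__main__":
    # Constructed sample banners in the style of `openssl version` output.
    for banner in ["OpenSSL 3.0.13 30 Jan 2024", "OpenSSL 1.1.1w  11 Sep 2023",
                   "OpenSSL 3.5.7", "OpenSSL 3.2.1", "OpenSSL 1.0.2zq"]:
        print(f"{banner!r:34} -> {classify(banner)}")
```

Distribution packages that backport fixes keep the upstream version string, so a "vulnerable" result for a vendor build should be confirmed against that vendor's advisory.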