CVE-2026-45447 is a heap use-after-free in OpenSSL’s PKCS7_verify() function. The bug is triggered by a specially crafted PKCS#7 or S/MIME signed message where the SignedData.digestAlgorithms field is present as an empty ASN.1 SET. OpenSSL’s own June 9, 2026 advisory rates the issue High and states that the impact may include process crashes, heap corruption, or, in some application contexts, potentially remote code execution. The most important operational detail is narrower than the headline: applications are exposed when they process attacker-supplied PKCS#7 or S/MIME signed messages through OpenSSL PKCS#7 APIs, not merely because OpenSSL is installed on a host. (OpenSSL Library)
That distinction matters because OpenSSL sits everywhere. A fleet may have thousands of hosts with OpenSSL packages, containers, statically linked binaries, language runtimes, appliances, developer tools, and security products. CVE-2026-45447 does not make every ordinary HTTPS listener equally dangerous. A standard web server using OpenSSL only for TLS termination is not the same risk as a mail security gateway that verifies inbound S/MIME signatures, a document-processing service that accepts PKCS#7 signed blobs, or a certificate portal that validates uploaded signed content.
The better triage question is not “Do we use OpenSSL?” It is “Can an attacker or untrusted partner cause our software to call PKCS7_verify() on PKCS#7 or S/MIME content?” Package presence tells you where patching is required. Parser reachability tells you where incident-level validation should start.
OpenSSL says the affected branches are 4.0, 3.6, 3.5, 3.4, 3.0, 1.1.1, and 1.0.2, with fixed versions 4.0.1, 3.6.3, 3.5.7, 3.4.6, 3.0.21, 1.1.1zh for premium support customers, and 1.0.2zq for premium support customers. The advisory also states that applications using CMS APIs for this processing are not affected by this specific issue, and that the FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected because the vulnerable code is outside the OpenSSL FIPS module boundary. (OpenSSL Library)
The practical consequence is clear. Patch the vulnerable OpenSSL versions, but prioritize validation around systems that ingest signed cryptographic containers from outside a trusted boundary. S/MIME mail flows, PKCS#7 upload endpoints, signature-verification services, PKI tooling, secure document workflows, software-update verification, and security appliances deserve more attention than generic TLS-only servers.
What is known about CVE-2026-45447
| Area | Current technical understanding |
|---|---|
| CVE | CVE-2026-45447 |
| Component | OpenSSL PKCS#7 signature verification |
| Function | PKCS7_verify() |
| Vulnerability class | Heap use-after-free, CWE-416 according to NVD change history |
| Trigger input | A crafted PKCS#7 or S/MIME signed message |
| Specific malformed structure | SignedData.digestAlgorithms present as an empty ASN.1 SET |
| Ownership error | OpenSSL may incorrectly free a caller-owned BIO |
| Common follow-on event | The calling application later uses or frees the same BIO |
| Potential impact | Crash, heap corruption, or potentially remote code execution depending on allocator behavior and application usage |
| Affected API path | OpenSSL PKCS#7 APIs used for PKCS#7 or S/MIME signed message processing |
| Explicit non-affected path | CMS APIs for this processing, per OpenSSL advisory |
| FIPS status | OpenSSL FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected |
| Main remediation | Upgrade to the fixed OpenSSL version for the branch |
| Main triage mistake | Treating all OpenSSL package presence as equivalent to reachable parser exposure |
NVD’s entry repeats the core issue summary and adds useful context: the vulnerable path can lead to a use-after-free when a caller later uses the BIO originally passed to PKCS7_verify(), and the issue may result in crash, memory corruption, or potential remote code execution depending on allocator behavior and application-specific BIO usage patterns. NVD also shows that applications using OpenSSL PKCS#7 APIs may be affected, while applications using CMS APIs for this processing are not affected. (NVD)
Ubuntu’s CVE page lists the issue as High priority with a CVSS 3 score of 8.8, while NVD’s page shows a CISA-ADP CVSS vector in its change history and notes that NVD’s own enrichment had not yet provided an assessment at the time captured. That scoring variation should not distract from the remediation path. The vendor-fixed versions are clear, the vulnerable path is clear, and the exposure question is primarily about whether the PKCS#7 signed-message verification path is reachable from untrusted input. (Ubuntu)
Why this is not just another OpenSSL version alert
A lot of OpenSSL advisories get flattened into the same operational ticket: “upgrade OpenSSL everywhere.” That is necessary but incomplete. CVE-2026-45447 is a parser-path vulnerability. The dangerous condition is not only the library version. The dangerous condition is vulnerable library version plus reachable PKCS7_verify() usage plus attacker-influenced PKCS#7 or S/MIME signed content.
That is why the highest-risk systems are usually not the most obvious TLS endpoints. A public Nginx or Apache server using OpenSSL for normal HTTPS may still need package updates, but it is not automatically the most urgent CVE-2026-45447 validation target. A lower-profile service that accepts .p7m, .p7s, application/pkcs7-signature, application/pkcs7-mime, or S/MIME email can be much more relevant.
Parser vulnerabilities are often asymmetric in a way vulnerability dashboards do not capture well. The vulnerable component may be installed widely, but the exploitability is concentrated in workflows that parse attacker-controlled structured data. That means a version-only scanner can overstate some systems and understate others. A host can look vulnerable because it carries an affected OpenSSL package but never call the vulnerable function. Another host can look boring in asset inventory but run a bundled or statically linked copy inside a mail gateway, document processor, or proprietary appliance that processes hostile cryptographic containers all day.
The right model is a two-layer model. First, find affected OpenSSL versions. Second, prove which software paths parse untrusted PKCS#7 or S/MIME signed messages with OpenSSL PKCS#7 APIs. Skipping the first layer leaves you unpatched. Skipping the second leaves you unable to prioritize.
PKCS#7, S/MIME, and why PKCS7_verify() is a risky boundary
PKCS#7 is a cryptographic message format historically used for signed and encrypted data. S/MIME uses related message structures for signed and encrypted email. In practice, security teams see PKCS#7-like content in mail clients, mail gateways, document-signing tools, certificate workflows, firmware or package-signing systems, and legacy integrations that predate newer CMS-oriented implementations.
OpenSSL’s PKCS7_verify() verifies a PKCS#7 signedData structure. Its documented signature accepts a PKCS7 *p7, an optional certificate stack, an optional trusted certificate store, a BIO containing detached signed data if needed, a BIO output sink, and flags. The documentation describes certificate lookup, chain verification with the smimesign purpose, optional internal certificate and CRL handling, and final signature verification over the signed content. (OpenSSL Documentation)
That means PKCS7_verify() is not a superficial file-format parser. It sits at a trust boundary. It receives a structured cryptographic object, extracts certificates and signed attributes, handles content and BIO streams, performs certificate-chain logic, and verifies signatures. In a real application, the caller may pass BIO objects that it still owns and expects to manage after the verification call returns. That ownership assumption is exactly where CVE-2026-45447 becomes dangerous.
The OpenSSL documentation also states that PKCS7_verify() is very similar to CMS_verify(), while the CMS documentation describes a parallel API for CMS SignedData. For CVE-2026-45447, OpenSSL explicitly says applications using CMS APIs for this processing are not affected. That does not mean CMS is immune to every OpenSSL issue. It means this specific use-after-free is in the PKCS#7 path described by the advisory. (OpenSSL Documentation)
The presence of indata and out BIO parameters is especially relevant. BIOs are OpenSSL’s I/O abstraction. A caller can use them for memory buffers, files, sockets, filters, or chained I/O behavior. A library function that incorrectly frees a BIO it does not own can destabilize the caller’s memory model. The caller may later call BIO_free() on the object it believes it still owns, or it may continue reading from or writing to that BIO. In memory safety terms, the bug is about object lifetime and ownership, not simply about accepting a malformed signature.
The vulnerable path, from empty ASN.1 SET to use-after-free

The trigger described by OpenSSL is specific. The message must be a PKCS#7 or S/MIME signed message, and the SignedData.digestAlgorithms field must be present as an empty ASN.1 SET. During PKCS7_verify(), OpenSSL may incorrectly free a caller-owned BIO. A subsequent use of that BIO by the calling application results in a use-after-free condition. OpenSSL notes that the common case occurs when the application later calls BIO_free() on the BIO originally passed to PKCS7_verify(). (OpenSSL Library)
That chain can be simplified into five steps:
| Step | What happens | Why it matters |
|---|---|---|
| 1 | An attacker supplies a PKCS#7 or S/MIME signed message | The input can cross a remote or semi-trusted boundary |
| 2 | The message contains SignedData.digestAlgorithms as an empty ASN.1 SET | The malformed structure reaches the vulnerable parser condition |
| 3 | The application calls PKCS7_verify() | The vulnerable OpenSSL PKCS#7 verification path is invoked |
| 4 | OpenSSL incorrectly frees a caller-owned BIO | Object ownership is violated |
| 5 | The caller later uses or frees the BIO | Use-after-free can become crash, heap corruption, or potentially exploitable memory corruption |
A use-after-free is dangerous because freed heap memory can be reused. The exact impact depends on allocator behavior, memory layout, compiler hardening, how the application uses the freed object, whether the object is freed again, whether an attacker can influence heap grooming, and whether the process runs in a constrained sandbox. That is why OpenSSL’s wording is careful. The advisory does not say every exposed application yields reliable code execution. It says the issue may result in crashes, heap corruption, and in some application contexts may potentially be exploitable for remote code execution. (OpenSSL Library)
For defenders, the safest assumption is that externally reachable parser crashes in privileged services are serious even when reliable RCE is not public. A mail gateway crash loop can be a denial-of-service incident. Heap corruption in a long-running process that handles sensitive messages is a more severe concern. A vulnerable parser reachable before authentication is much worse than an admin-only import feature, even if both use the same library.
Affected and fixed OpenSSL versions
OpenSSL’s official remediation table is straightforward. The branch-specific fixed versions are the source of truth for upstream OpenSSL, while Linux distributions, appliances, language runtimes, and vendors may backport patches into package versions that do not exactly match upstream version strings.
| OpenSSL branch | Vulnerable according to OpenSSL | Fixed version or remediation target |
|---|---|---|
| 4.0 | Yes | Upgrade to 4.0.1 |
| 3.6 | Yes | Upgrade to 3.6.3 |
| 3.5 | Yes | Upgrade to 3.5.7 |
| 3.4 | Yes | Upgrade to 3.4.6 |
| 3.0 | Yes | Upgrade to 3.0.21 |
| 1.1.1 | Yes | Upgrade to 1.1.1zh, premium support customers only |
| 1.0.2 | Yes | Upgrade to 1.0.2zq, premium support customers only |
OpenSSL’s advisory lists these exact upgrade targets. OpenSSL 3.0.21 release notes also identify 3.0.21 as a security patch release where the most severe CVE fixed was High and list CVE-2026-45447 as a fixed heap use-after-free in PKCS7_verify(). (OpenSSL Library)
Downstream status is more complicated. A distribution may ship openssl packages with backported security patches while retaining a version label that looks older than upstream. A container image may carry multiple OpenSSL copies. A commercial appliance may embed a private build. A language runtime may bundle OpenSSL or expose only a subset of OpenSSL functionality. For CVE-2026-45447, the question “what version is installed?” is only the beginning.
A strong patch ticket should include three fields: the OpenSSL branch or downstream package, the fixed vendor package or upstream target version, and the reachable parser workflows that rely on the affected code. Without the third field, teams risk spending most of their time on hosts with no reachable PKCS#7 path while missing the services that actually parse hostile signed messages.
Systems most likely to be exposed
The most likely exposure points are systems that accept, inspect, verify, or transform signed cryptographic containers. Some will be obvious, such as an S/MIME gateway. Others will be buried in import features, partner integrations, or operational tooling.
| Priority | System or workflow | Why it matters for CVE-2026-45447 |
|---|---|---|
| Critical | Internet-facing S/MIME mail gateway | It may process attacker-supplied signed mail automatically |
| Critical | Secure email appliance or DLP product | These systems often inspect inbound message structures before user interaction |
| High | Document-signing verification service | Users may upload signed PKCS#7 objects for validation |
| High | Certificate import or PKI portal | It may parse signed or bundled cryptographic material from customers or partners |
| High | Security scanner or malware-analysis system | It may intentionally ingest hostile signed objects |
| Medium | CI/CD workflow verifying signed artifacts | Exposure depends on whether untrusted contributors or partners can supply artifacts |
| Medium | Internal CA or PKI admin tool | Risk depends on authentication, trust boundary, and parser isolation |
| Low for this CVE | Standard TLS-only HTTPS service | OpenSSL package presence still needs patching, but the vulnerable PKCS#7 path may not be reachable |
| Low for this CVE | Application using CMS APIs for this signed-message processing | OpenSSL says CMS APIs are not affected by this issue |
The most useful first cut is external reachability. If the application receives unauthenticated email, accepts uploaded signed files, processes partner-supplied cryptographic containers, or handles objects pulled from untrusted queues, it deserves early validation. If the parser is only reachable by a small group of administrators through an internal tool, patching is still required, but the urgency and compensating controls differ.
A second useful cut is automation. Human-opened S/MIME messages are still relevant, but an automated gateway that parses every inbound signed message before delivery has a very different exposure profile. Automated parsing turns every inbound message into a parser event. That makes crash detection, rate limiting, sandboxing, and patch timing more important.
A third cut is privilege. If the parser runs as root, has mailbox access, can read certificates or private keys, or sits on a sensitive network boundary, the blast radius is larger. A memory corruption bug in a low-privilege isolated worker is still serious. A memory corruption bug in a monolithic privileged gateway is worse.
What “CMS APIs are not affected” does and does not mean
OpenSSL’s advisory draws a clean line for this specific issue: applications using CMS APIs for this processing are not affected by CVE-2026-45447. That statement is useful for code review. If a service verifies signed messages only through the CMS verification APIs and does not call the legacy PKCS#7 verification path, CVE-2026-45447 should not be reachable through that signed-message workflow. (OpenSSL Library)
But there are two ways to misuse that fact.
The first mistake is assuming that any system with “CMS” in its documentation is safe. Many products use mixed terminology, support both PKCS#7 and CMS formats, or call different OpenSSL APIs depending on input type. The only reliable answer is code-path inspection or vendor confirmation.
The second mistake is assuming that CMS-related OpenSSL code had no other security issues. The same June 9, 2026 OpenSSL advisory also fixed CVE-2026-34182, a CMS AuthEnvelopedData processing issue that could accept forged messages, and CVE-2026-9076, an out-of-bounds read in CMS password-based decryption. Those are different bugs with different conditions, but they show why “we use CMS, not PKCS#7” is not a general substitute for patching. (OpenSSL Library)
A good long-term engineering move may still be to reduce legacy PKCS#7 API usage where modern CMS APIs are appropriate. But migration is not a same-day mitigation unless you can test it thoroughly. Signature verification code is security-sensitive. A rushed rewrite can create certificate-validation gaps, detached-content mistakes, or trust-store behavior changes.
Why the FIPS note matters but does not close the incident
OpenSSL says the FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected because the vulnerable code is outside the OpenSSL FIPS module boundary. That statement is precise and important. It means the affected code is not inside the validated FIPS module boundary. It does not mean a FIPS-using application cannot call vulnerable non-FIPS OpenSSL code elsewhere. (OpenSSL Library)
This distinction often causes confusion in regulated environments. FIPS status is about the cryptographic module boundary and validation scope. CVE reachability is about application behavior. A service can be configured to use FIPS-approved cryptographic operations and still include non-FIPS parsing code in the surrounding application. If that surrounding application calls PKCS7_verify() on attacker-supplied S/MIME data through an affected OpenSSL version, the FIPS note does not magically remove the parser risk.
For audit teams, the right evidence is not “FIPS is enabled.” The right evidence is “we identified whether the application uses affected OpenSSL PKCS#7 APIs for untrusted PKCS#7 or S/MIME signed messages, upgraded or confirmed patched packages, and validated the parsing workflow after remediation.”
Safe PoC demonstration, understanding the bug without weaponizing it
The following PoC is not an OpenSSL exploit. It does not generate a malformed PKCS#7 message, does not target PKCS7_verify(), does not crash a real service, and cannot be used against production systems. It is a local toy program that demonstrates the ownership mistake at the heart of CVE-2026-45447: a library-style function frees an object that the caller still owns, and the caller later uses or frees that object.
That is the safest way to understand the vulnerability class without publishing a weaponized payload.
/*
* safe_uaf_model.c
*
* Educational toy model only.
* This is NOT OpenSSL code.
* This does NOT parse PKCS#7 or S/MIME.
* This does NOT reproduce CVE-2026-45447.
*
* It demonstrates the ownership pattern:
* - caller creates and owns an object
* - library function incorrectly frees it on a malformed-input branch
* - caller later uses or frees the same object
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
typedef struct {
char label[32];
int closed;
} ToyBIO;
static ToyBIO *toy_bio_new(const char *label) {
ToyBIO *bio = malloc(sizeof(ToyBIO));
if (!bio) {
perror("malloc");
exit(1);
}
snprintf(bio->label, sizeof(bio->label), "%s", label);
bio->closed = 0;
return bio;
}
static void toy_bio_write(ToyBIO *bio, const char *msg) {
if (!bio) {
return;
}
printf("[%s] %s\n", bio->label, msg);
}
static void toy_bio_free(ToyBIO *bio) {
if (!bio) {
return;
}
bio->closed = 1;
free(bio);
}
/*
* Simulates a vulnerable library function.
*
* The caller owns `caller_owned_bio`.
* The function must not free it.
* On the malformed branch, it incorrectly frees caller-owned memory.
*/
static int vulnerable_verify_model(ToyBIO *caller_owned_bio, int empty_digest_algorithms_set) {
if (empty_digest_algorithms_set) {
/*
* Ownership bug:
* the function frees an object it does not own.
*/
toy_bio_free(caller_owned_bio);
return 0;
}
toy_bio_write(caller_owned_bio, "verification succeeded in benign path");
return 1;
}
int main(void) {
ToyBIO *out = toy_bio_new("caller-owned-output");
/*
* The second argument models the malformed parser condition.
* In CVE-2026-45447, the relevant malformed condition is an empty
* ASN.1 SET in SignedData.digestAlgorithms.
*/
int ok = vulnerable_verify_model(out, 1);
if (!ok) {
puts("verification failed, caller still believes it owns out");
}
/*
* Use-after-free:
* `out` was freed by the vulnerable function, but the caller still
* treats it as valid.
*/
toy_bio_write(out, "caller writes after failed verification");
/*
* A second free may also occur in real ownership bugs.
*/
toy_bio_free(out);
return 0;
}
Compile it with AddressSanitizer in a disposable local environment:
cc -fsanitize=address -g -O0 safe_uaf_model.c -o safe_uaf_model
./safe_uaf_model
A hardened build should report a heap-use-after-free or double-free style error. The exact wording varies by compiler and runtime. The lesson is not the crash message. The lesson is the ownership boundary. When a function accepts a caller-owned object, the caller must be able to rely on the function not freeing it unless the API contract explicitly says ownership is transferred.
In CVE-2026-45447, the object is a BIO passed into OpenSSL’s PKCS#7 verification path. The official advisory says OpenSSL may incorrectly free a caller-owned BIO, and a later use by the calling application results in a use-after-free. That is why application-specific behavior matters so much. One application may fail and immediately exit. Another may continue using the freed BIO in a long-lived process. A third may hit allocator-specific behavior that turns a crash into more serious memory corruption. (OpenSSL Library)
A real validation program should not attempt to crash production systems with malformed PKCS#7 samples. Use patched test environments, vendor-provided regression tests, unit tests around parser behavior, and controlled fuzzing harnesses with sanitizer builds. The production task is to patch and prove reachability, not to weaponize the parser bug.
Finding vulnerable versions is necessary but not enough
Start with version inventory, then move quickly to reachability. On a single host, these commands are useful first checks:
openssl version -a
On Debian or Ubuntu systems:
dpkg -l | grep -E 'openssl|libssl'
apt-cache policy openssl libssl3
On RHEL-family systems:
rpm -qa | grep -E '^openssl|^openssl-libs|^compat-openssl'
rpm -q --changelog openssl | grep -i 'CVE-2026-45447' -A3 -B3
On Alpine:
apk info | grep -E 'openssl|libcrypto|libssl'
apk policy openssl libcrypto3 libssl3
For containers, a software bill of materials is usually better than shelling into running workloads one by one:
syft your-image:tag | grep -i openssl
grype your-image:tag | grep -i 'CVE-2026-45447\|openssl'
For dynamically linked applications, inspect what the binary actually loads:
ldd /path/to/binary | grep -i ssl
ldd /path/to/binary | grep -i crypto
On macOS:
otool -L /path/to/binary | grep -i ssl
otool -L /path/to/binary | grep -i crypto
Static linking and vendor appliances are harder. You may need vendor advisories, binary strings, SBOMs, container layer inspection, or runtime process maps. A quick process-level Linux check can help, although it is not a complete answer:
pidof your-service
cat /proc/<pid>/maps | grep -Ei 'libssl|libcrypto|openssl'
Once you find affected OpenSSL packages or bundled libraries, search for the vulnerable usage pattern. These searches are not perfect, but they give security engineers and maintainers a practical starting point:
grep -R "PKCS7_verify" .
grep -R "SMIME_read_PKCS7" .
grep -R "d2i_PKCS7" .
grep -R "d2i_PKCS7_bio" .
grep -R "PEM_read_bio_PKCS7" .
grep -R "openssl smime" .
grep -R "smime -verify" .
grep -R "application/pkcs7-signature" .
grep -R "application/pkcs7-mime" .
grep -R "\.p7m" .
grep -R "\.p7s" .
The best search result is not just a function name. The best result is a path from untrusted input to parser invocation. For example, an email gateway that extracts every inbound S/MIME attachment and calls PKCS7_verify() is much more urgent than an offline admin-only script that verifies a local trusted file once a month.
Reachability questions that separate real exposure from noise
A reachable CVE-2026-45447 path usually answers “yes” to several of these questions:
| Question | Why it matters |
|---|---|
| Can external users, unauthenticated senders, or partners supply PKCS#7 or S/MIME content? | The bug needs crafted input |
| Does the application call OpenSSL PKCS#7 APIs rather than CMS APIs for this processing? | The vulnerable path is PKCS#7 API processing |
Is PKCS7_verify() called automatically before a human reviews the content? | Automated parsing increases exposure |
| Does the process continue running after verification failure? | Continued execution can make use-after-free effects more relevant |
| Does the process run with high privileges or broad mailbox, file, or network access? | Higher privileges increase blast radius |
| Is the parser in a monolithic long-lived service? | Long-lived heap state can make memory corruption more concerning |
| Is the parser sandboxed, rate limited, and isolated? | Isolation can reduce impact while patching proceeds |
| Can the service be patched independently of the host OpenSSL package? | Bundled libraries require special remediation |
A version scanner cannot answer these questions alone. Neither can a code search alone. The answer comes from joining SBOM data, package status, application architecture, input paths, and runtime behavior.
For a security team under time pressure, the quickest useful classification is:
| Class | Description | Action |
|---|---|---|
| Confirmed reachable | Affected OpenSSL plus PKCS7_verify() plus untrusted PKCS#7 or S/MIME signed input | Emergency patch, validate, monitor crashes, consider temporary parser restrictions |
| Plausibly reachable | Affected OpenSSL plus signed-message or certificate import workflow, but API path not yet confirmed | Treat as high priority until code or vendor confirms |
| Package-only exposure | Affected OpenSSL installed, but no identified PKCS#7 or S/MIME parser path | Patch in accelerated maintenance, lower incident priority |
| Not affected by this CVE | Uses CMS API for this processing or patched OpenSSL, with no legacy PKCS#7 path | Record evidence and continue normal OpenSSL advisory tracking |
That classification is more useful than a flat “vulnerable or not vulnerable” flag. It tells engineering, operations, and leadership where to put scarce remediation time first.
Detection signals, what defenders can actually watch
There is unlikely to be one universal network signature for CVE-2026-45447 that works reliably across environments. The vulnerable input is a structured cryptographic message, often delivered through application-specific channels such as email, file upload, document processing, or partner message exchange. Detection should focus on parser workflows and crash behavior.
Useful signals include:
| Signal | Possible meaning | Caveat |
|---|---|---|
| Sudden crashes in S/MIME gateway processes | Malformed signed-message parsing may be triggering memory corruption | Could also be unrelated mail parsing bug |
SIGSEGV, SIGABRT, allocator corruption, or double-free messages | Memory safety failure in parser or surrounding code | Needs process and stack context |
Core dumps from services that handle .p7m or .p7s files | Possible crash around PKCS#7 parsing | Core dump handling may be disabled |
| Container restart spikes after inbound mail bursts | Automated parser crash loop | Needs correlation with input type |
| Logs mentioning PKCS#7, S/MIME, signature verification, or BIO errors before crash | Stronger parser-path clue | Logging may be sparse |
ASAN reports in staging or fuzzing around PKCS7_verify() | High-value validation evidence | Usually unavailable in production builds |
Linux triage commands can help responders quickly identify crash patterns:
journalctl --since "24 hours ago" | grep -Ei 'openssl|pkcs7|s/mime|smime|bio|segfault|aborted|double free|corruption'
coredumpctl list | grep -Ei 'mail|smime|pkcs|openssl|gateway|scanner'
coredumpctl info <PID_OR_COREDUMP_ID>
For Kubernetes environments:
kubectl get pods -A | grep -Ei 'crashloop|error'
kubectl logs -n <namespace> <pod> --previous | grep -Ei 'openssl|pkcs7|s/mime|smime|segfault|aborted|corruption'
For mail and document-processing systems, content-level telemetry is useful if privacy requirements allow it. You do not need to log message bodies. You can log metadata such as MIME type, attachment extension, parser path, verification result, source trust level, and failure reason.
A minimal application log event might include:
{
"event": "signed_message_verification",
"parser": "openssl_pkcs7",
"api": "PKCS7_verify",
"input_type": "application/pkcs7-signature",
"source_trust": "external_sender",
"result": "verification_failed",
"service": "mail-gateway-worker",
"openssl_runtime": "3.0.20"
}
That kind of log is useful beyond this CVE. It gives defenders a way to answer parser-reachability questions quickly during future OpenSSL, S/MIME, CMS, ASN.1, certificate, and document-parser advisories.
A simple Sigma-style hunting rule can help find command-line OpenSSL usage in server workflows:
title: OpenSSL S/MIME or PKCS7 Verification in Server Workflow
id: 1f7a4125-cve-2026-45447-hunt
status: experimental
description: Detects OpenSSL command-line S/MIME or PKCS7 verification activity that may indicate a parser workflow requiring CVE-2026-45447 review.
logsource:
product: linux
category: process_creation
detection:
selection_image:
Image|endswith:
- "/openssl"
selection_args:
CommandLine|contains:
- " smime "
- " -verify"
- " pkcs7 "
- " cms "
condition: selection_image and selection_args
fields:
- Image
- CommandLine
- ParentImage
- User
- CurrentDirectory
falsepositives:
- Administrative certificate operations
- CI signing verification jobs
- Mail-processing automation
level: medium
tags:
- cve.2026.45447
- attack.t1204
This rule does not detect library-linked parser abuse inside a custom application. It is only a hunting aid. The stronger control is asset-aware instrumentation around signed-message parsing.
Patch strategy for production estates
The upstream fix is simple: upgrade to the fixed OpenSSL release for your branch. The production reality is not simple. OpenSSL may appear in operating system packages, containers, language runtimes, application bundles, static binaries, security appliances, firmware images, and vendor-managed cloud services.
A practical patch sequence looks like this:
- Identify all affected OpenSSL packages and bundled libraries.
- Prioritize systems that parse untrusted PKCS#7 or S/MIME signed messages.
- Apply vendor patches or upgrade to the fixed upstream branch target.
- Restart services that dynamically link to updated OpenSSL libraries.
- Rebuild and redeploy containers that carried vulnerable library layers.
- Confirm runtime linkage after deployment, not only package installation.
- Validate signed-message workflows in staging with benign samples.
- Monitor parser crashes and verification failures after rollout.
Service restart matters. Updating a package on disk does not always update a running process. Long-lived daemons may continue using the old mapped library until restarted. Containers need rebuilt base layers and redeployment. Appliances may require firmware or vendor hotfixes.
A useful post-patch Linux check is:
# Show the OpenSSL package version
openssl version -a
# Show whether a running process still maps old libssl or libcrypto objects
cat /proc/<pid>/maps | grep -Ei 'libssl|libcrypto'
# On systemd systems, list services that may need restart after library updates
needrestart -r l
For containers:
# Confirm image SBOM after rebuild
syft your-fixed-image:tag | grep -i openssl
# Confirm deployed pod image digests
kubectl get pods -n <namespace> -o jsonpath='{range .items[*]}{.metadata.name}{" "}{.status.containerStatuses[*].imageID}{"\n"}{end}'
For vendors, ask for two statements, not one. “Are you affected by CVE-2026-45447?” is useful but often too broad. Better questions are:
- Do you ship or statically link an affected OpenSSL branch?
- Does your product call OpenSSL PKCS#7 APIs, including
PKCS7_verify(), on untrusted PKCS#7 or S/MIME signed messages? - What fixed version or backported patch is included in your advisory?
- Is a service restart, firmware update, or configuration change required?
- Are there temporary controls for disabling external S/MIME or PKCS#7 parsing until patched?
Those questions make it harder for a vendor to answer with a vague “we use OpenSSL but are investigating” statement.
Temporary controls when immediate patching is blocked
Temporary controls are not a replacement for patching. They can reduce exposure while patches are tested, maintenance windows are negotiated, or vendor fixes are pending.
The most effective temporary control is to reduce untrusted parser input. Depending on the system, that may mean disabling external S/MIME verification, blocking PKCS#7 upload features, limiting signed-document validation to authenticated users, isolating partner feeds, or routing high-risk files to a sandboxed parser service.
Potential compensating controls include:
| Control | When it helps | Limitations |
|---|---|---|
| Disable external S/MIME verification temporarily | Mail gateway or secure email system can operate without automatic signature verification | May affect business workflows and user trust indicators |
Restrict .p7m, .p7s, and PKCS#7 MIME uploads | Upload or document-verification portals | File extensions and MIME types can be spoofed |
| Require authentication before signed-message parsing | Public upload endpoints | Does not remove risk from compromised accounts or partners |
| Sandbox parser workers | High-risk document or email processing | Reduces blast radius but does not fix the bug |
| Run parser as low-privilege user | Long-running services | Still vulnerable to crash or local data exposure through process privileges |
| Rate limit parser requests | Public or partner-facing services | Does not stop a single malformed file from crashing a worker |
| Queue and quarantine unusual signed objects | Mail and document workflows | Requires operational review capacity |
| Add crash-loop alerts | Kubernetes or service-managed parser workers | Detects symptoms, not exploitation |
A strong temporary posture combines several of these. For example, a mail gateway might disable automatic S/MIME signature verification for external unauthenticated senders, process signed objects in isolated workers, rate limit suspicious senders, and monitor worker crashes until the patched build is deployed.
Do not rely on extension blocking alone. PKCS#7 or S/MIME content can appear under different names, encodings, and MIME wrappers. Content-aware parsing controls are better than filename controls, but even they are not a substitute for patching.
Code-level hardening for teams that maintain PKCS#7 verification paths
If your codebase directly calls OpenSSL PKCS#7 APIs, the fix is not only “bump OpenSSL.” The advisory should trigger a short audit of parser ownership, error handling, and input boundaries.
A typical legacy verification flow might look like this:
BIO *in = BIO_new_file(path, "rb");
BIO *out = BIO_new(BIO_s_mem());
PKCS7 *p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
int ok = PKCS7_verify(p7, certs, store, detached_content, out, flags);
/* Caller assumes it still owns all BIOs it created. */
BIO_free(out);
BIO_free(in);
PKCS7_free(p7);
On patched OpenSSL, the vulnerable malformed input should not cause OpenSSL to free a caller-owned BIO incorrectly. But the surrounding code still deserves review:
- Are all parser inputs treated as untrusted unless proven otherwise?
- Is signature verification isolated from privileged application state?
- Are BIOs freed exactly once on all success and failure paths?
- Are detached-content paths tested?
- Are verification failures handled as data failures rather than process failures?
- Are parser workers sandboxed?
- Are certificates from the message treated as untrusted chain-building material unless explicitly trusted?
- Are legacy PKCS#7 code paths still needed, or can they be replaced after testing?
OpenSSL’s PKCS7_verify() documentation says internal certificates in the message may be used as untrusted CAs unless flags such as PKCS7_NOCHAIN are set, and that PKCS7_NOINTERN can be used when the signer certificate must come from a supplied certificate set rather than the message itself. Those flags are not CVE-2026-45447 mitigations by themselves, but they are relevant to a broader review of PKCS#7 verification semantics. (OpenSSL Documentation)
The safest pattern is to separate parser hardening from trust-policy hardening. Patching OpenSSL fixes the memory safety bug. Reviewing flags, trust stores, signer constraints, and detached-content handling reduces the chance that the signed-message workflow accepts content it should reject.
Related OpenSSL CVEs that help frame the risk
CVE-2026-45447 appeared in a large OpenSSL security advisory that also included several CMS, ASN.1, QUIC, OCSP, CMP, and cipher-mode issues. The related CVEs are not interchangeable, but they help defenders understand a pattern: cryptographic libraries are not only TLS handshakes. They also parse complex container formats, certificate structures, message formats, and protocol-specific data.
| CVE | Why it is relevant | Exploit condition | Main risk | Remediation |
|---|---|---|---|---|
| CVE-2026-45447 | The focus of this article, heap use-after-free in PKCS7_verify() | Attacker-supplied PKCS#7 or S/MIME signed message with empty digestAlgorithms SET reaches OpenSSL PKCS#7 API | Crash, heap corruption, potentially RCE in some contexts | Upgrade to fixed OpenSSL branch version |
| CVE-2026-34182 | Same June 2026 advisory, CMS AuthEnvelopedData validation problem | Attacker supplies crafted CMS data to affected CMS processing | Message forgery or integrity validation bypass scenarios | Upgrade to fixed OpenSSL branch version |
| CVE-2026-45445 | Same advisory, AES-OCB IV ignored on one-shot EVP_Cipher() path | Application uses AES-OCB through lower-level one-shot EVP_Cipher() interface | Nonce reuse, confidentiality loss, potential universal forgery in the described path | Upgrade and avoid the discouraged one-shot path |
| CVE-2026-34180 | Same advisory, ASN.1 content parsing heap over-read | Application passes attacker-supplied DER ASN.1 data into affected decoding functions | Crash or reading beyond input buffer in certain conditions | Upgrade and reduce untrusted ASN.1 parser exposure |
| CVE-2025-15467 | Earlier OpenSSL message-parsing issue involving CMS AuthEnvelopedData | Application parses untrusted CMS or PKCS#7-family content through affected path | Stack corruption, denial of service, potential RCE depending on context | Upgrade affected OpenSSL releases and validate parser reachability |
OpenSSL’s 3.0.21 release notes list CVE-2026-45447 along with CVE-2026-34182, CVE-2026-45445, CVE-2026-9076, CVE-2026-34180, CVE-2026-42766, CVE-2026-42770, and CVE-2026-45446. That cluster matters because it pushes teams to look beyond TLS and examine cryptographic message parsing, ASN.1 processing, and application-specific OpenSSL usage. (OpenSSL Library)
Penligent previously analyzed CVE-2025-15467 as an OpenSSL CMS and PKCS#7 parser exposure problem, emphasizing the same operational distinction that matters here: package presence is not the same as parser reachability. That older OpenSSL case is useful background for teams building repeatable triage processes for message-parsing vulnerabilities rather than treating every crypto-library CVE as a flat package-update event. (Penligent)
Why AI-assisted validation belongs in the workflow, but not in the headline
For CVE-2026-45447, the hard work is not generating a dangerous payload. The hard work is mapping the environment: where OpenSSL is installed, where it is bundled, which services parse signed messages, which APIs are called, which endpoints or mail flows can feed attacker-controlled PKCS#7 or S/MIME content, which systems are patched, and which findings have proof rather than assumptions.
That is a good fit for assisted validation workflows when they remain evidence-driven. A tool can help correlate asset discovery, code search, endpoint behavior, runtime fingerprints, test notes, and retest evidence. It should not replace human judgment about exploitability, parser reachability, or safe testing boundaries. Penligent’s public positioning is an AI-powered penetration testing workflow focused on verified findings, evidence, reproduction steps, and remediation guidance, which is the right kind of framing for this class of work when used only on authorized systems. (Penligent)
For security teams, the valuable output is not “OpenSSL found.” It is a short, defensible statement such as: “Service X uses OpenSSL 3.0.20, accepts unauthenticated S/MIME signed mail, calls the PKCS#7 verification path, was upgraded to a fixed package, and was retested with benign signed messages after deployment.” That kind of evidence helps engineering teams act and helps auditors understand why one vulnerable package entry was urgent while another was handled in a normal maintenance window.
Common mistakes during CVE-2026-45447 response
The first mistake is treating CVE-2026-45447 as a generic TLS crisis. The vulnerability is in PKCS#7 signed-message verification, not ordinary TLS negotiation. If your only exposure is a TLS listener that never parses PKCS#7 or S/MIME signed messages, the specific reachable risk is lower, although patching still matters.
The second mistake is treating “CMS APIs are not affected” as a reason to ignore the June 2026 OpenSSL update. CMS APIs are not affected by this specific PKCS#7 use-after-free, but the same advisory includes other CMS issues. Security teams still need to apply relevant OpenSSL fixes and review downstream vendor guidance. (OpenSSL Library)
The third mistake is relying only on openssl version in a shell. Many real exposures live in containers, statically linked binaries, bundled libraries, appliances, and language runtimes. A host-level version check can miss the copy that a service actually loads.
The fourth mistake is testing production by throwing malformed cryptographic blobs at it. That is unnecessary and risky. Use controlled staging environments, patched regression tests, and sanitizer builds. Production validation should focus on version, reachability, patch deployment, service restart, and safe benign workflow testing.
The fifth mistake is ignoring parser privileges. A crash in a sandboxed worker and heap corruption in a privileged monolith are not the same operational risk. Prioritization should account for trust boundary, privilege, isolation, and availability impact.
The sixth mistake is assuming no public exploit means no urgency. OpenSSL’s own advisory describes a memory safety issue with potential remote code execution in some contexts. Public exploit maturity is only one factor. Reachable parser memory corruption in exposed infrastructure deserves focused remediation even before widespread exploitation is observed. (OpenSSL Library)
A practical response plan for security teams

A clear response plan can be executed without panic.
First, identify affected OpenSSL versions across operating systems, containers, appliances, runtime bundles, and custom builds. Use package managers, SBOM tooling, vendor advisories, binary inspection, and runtime maps. Record the fixed package or upstream target for each branch.
Second, identify PKCS#7 and S/MIME signed-message workflows. Search code and configuration for PKCS7_verify(), SMIME_read_PKCS7, PKCS#7 parsing helpers, command-line openssl smime -verify, .p7m, .p7s, and PKCS#7 MIME types. Interview teams responsible for mail, PKI, document signing, partner file exchange, and security tooling.
Third, classify systems by reachability. External unauthenticated parsing goes first. Partner-reachable parsing goes next. Internal admin-only parsing follows. Package-only findings with no parser path still need patching, but they should not block emergency work on confirmed reachable systems.
Fourth, patch and restart. Apply vendor packages or upstream fixed versions, restart dynamically linked services, rebuild containers, update appliances, and confirm runtime linkage. Do not assume that package installation updated running processes.
Fifth, validate safely. Use benign signed messages and known-good workflows to ensure the patched service still verifies legitimate content. In staging, use sanitizer builds or vendor-provided regression tests if available. Do not introduce weaponized malformed PKCS#7 payloads into production.
Sixth, monitor. Watch for crash loops, parser failures, S/MIME verification errors, and abnormal inbound signed-message patterns during and after rollout. Keep temporary parser restrictions in place until the riskiest systems are patched.
Seventh, preserve evidence. Store the version before and after remediation, the service restart proof, the parser reachability assessment, and the retest result. This evidence is valuable for incident review, compliance, and future OpenSSL advisory response.
Example internal advisory
A strong internal advisory should be short enough for engineers to act on but precise enough to avoid false urgency.
CVE-2026-45447 is a High-severity OpenSSL heap use-after-free in PKCS7_verify().
It is triggered when an application processes a crafted PKCS#7 or S/MIME signed
message where SignedData.digestAlgorithms is present as an empty ASN.1 SET.
OpenSSL may incorrectly free a caller-owned BIO, and later caller use can lead
to crash, heap corruption, or potentially remote code execution in some contexts.
Affected upstream branches:
- 4.0 before 4.0.1
- 3.6 before 3.6.3
- 3.5 before 3.5.7
- 3.4 before 3.4.6
- 3.0 before 3.0.21
- 1.1.1 before 1.1.1zh for premium support customers
- 1.0.2 before 1.0.2zq for premium support customers
Priority:
P1: systems that parse untrusted PKCS#7 or S/MIME signed messages using OpenSSL PKCS#7 APIs
P2: partner-facing or internal tools that parse signed cryptographic containers
P3: affected OpenSSL package presence with no identified PKCS#7 or S/MIME parser path
Do not test production with malformed PKCS#7 payloads. Patch, restart, confirm
runtime linkage, and validate with benign signed-message workflows.
That message avoids both extremes. It does not minimize the issue. It also does not imply that every OpenSSL-linked TLS process is equally exploitable.
FAQ
Is CVE-2026-45447 a TLS vulnerability?
- No, not in the usual sense. The vulnerable function is
PKCS7_verify(), which verifies PKCS#7 signedData structures. - A normal HTTPS service using OpenSSL only for TLS termination is not the main exposure path.
- The higher-risk path is an application that processes attacker-controlled PKCS#7 or S/MIME signed messages through OpenSSL PKCS#7 APIs.
- Patch OpenSSL anyway, but prioritize systems by parser reachability, not by TLS presence alone.
What systems are most likely to be exposed?
- S/MIME-capable mail gateways and secure email appliances.
- Services that accept
.p7m,.p7s,application/pkcs7-signature, orapplication/pkcs7-mimecontent. - Document-signing and signature-verification workflows.
- PKI portals, certificate import tools, and partner cryptographic-message exchange systems.
- Security products or malware-analysis systems that parse hostile signed containers.
- CI/CD or software-update systems that verify signed PKCS#7 artifacts from semi-trusted sources.
Does using OpenSSL automatically make a service vulnerable?
- No. Affected OpenSSL presence is required for the upstream vulnerability, but exposure depends on whether the service reaches the vulnerable PKCS#7 verification path.
- A host may have a vulnerable OpenSSL package but never parse PKCS#7 or S/MIME signed messages.
- Another host may look clean at the OS package level but run a statically linked or bundled vulnerable copy inside an application.
- The correct workflow is version inventory plus parser-path validation.
Are CMS APIs affected by CVE-2026-45447?
- OpenSSL states that applications using CMS APIs for this processing are not affected by CVE-2026-45447.
- That statement applies to this specific PKCS#7 use-after-free.
- It does not mean CMS-related OpenSSL code had no other 2026 issues. The same OpenSSL advisory includes separate CMS vulnerabilities.
- Teams should still patch OpenSSL and review all CMS, S/MIME, and PKCS#7 workflows.
Can CVE-2026-45447 be exploited for remote code execution?
- OpenSSL states that the issue may result in crash, heap corruption, or potentially remote code execution in some application contexts.
- Reliable RCE depends on allocator behavior, application-specific BIO usage, process lifetime, hardening, sandboxing, and attacker control over heap state.
- Defenders should not assume every exposed parser yields reliable RCE.
- Defenders also should not dismiss the issue as only a crash, because reachable heap corruption in exposed parser code is serious.
What should I patch first?
- Patch externally reachable systems that process untrusted PKCS#7 or S/MIME signed messages.
- Prioritize automated mail gateways, document-verification services, public upload endpoints, PKI portals, and security appliances.
- Rebuild and redeploy containers, not just hosts.
- Restart dynamically linked services after package updates.
- Ask vendors whether they call OpenSSL PKCS#7 APIs on untrusted signed-message input.
How can I validate exposure without crashing production?
- Search code and configurations for
PKCS7_verify,SMIME_read_PKCS7, PKCS#7 MIME types,.p7m,.p7s, and command-lineopenssl smime -verify. - Confirm the OpenSSL version actually loaded by the running service.
- Use benign signed messages to verify normal behavior after patching.
- Use staging, sanitizer builds, fuzzing harnesses, or vendor regression tests for malformed-input testing.
- Do not send malformed PKCS#7 samples to production systems as a validation shortcut.
Closing assessment
CVE-2026-45447 should be handled as a serious OpenSSL message-parsing vulnerability, not as a vague “OpenSSL is installed everywhere” panic. The official facts are specific: a crafted PKCS#7 or S/MIME signed message with an empty SignedData.digestAlgorithms ASN.1 SET can cause OpenSSL’s PKCS7_verify() path to incorrectly free a caller-owned BIO, leading to use-after-free when the caller later uses that BIO. The upstream fixes are clear. The affected branches are clear. The API boundary is clear. (OpenSSL Library)
The hard part is environmental. Find the systems that actually parse untrusted PKCS#7 or S/MIME signed messages. Patch those first. Confirm runtime linkage. Retest safely. Keep evidence. A flat package inventory tells you where OpenSSL exists. A reachability assessment tells you where CVE-2026-45447 can become a real incident.

