CVE-2026-45446 | OpenSSL up to 4.0.0 EVP Interface /CMS/PKCS7/HPKE/QUIC EVP_DecryptFinal_ex missing cryptographic step

SecurityVulns
Yanac

A vulnerability classified as problematic has been found in OpenSSL up to 3.0.20/3.4.5/3.5.6/3.6.2/4.0.0. This issue affects the function EVP_DecryptFinal_ex of the file /CMS/PKCS7/HPKE/QUIC of the component EVP Interface. Performing a manipulation results in missing cryptographic step.

This vulnerability is cataloged as CVE-2026-45446. It is possible to initiate the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More