CVE-2024-53704

Published Jan 9, 2025

Last updated 8 months ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2024-53704 is an authentication bypass vulnerability found in the SSL VPN component of SonicWall firewalls running the SonicOS operating system. This flaw allows unauthorized remote attackers to bypass the authentication mechanism and gain access to the network. The vulnerability exists due to improper authentication within the SSLVPN component. Exploitation attempts targeting this vulnerability began shortly after the public release of proof-of-concept exploit code on February 10, 2025. Patches for CVE-2024-53704 have been available since January 7, 2024. Federal Civilian Executive Branch agencies are mandated to address this vulnerability by March 11, 2025.

Description: An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.
Source: PSIRT@sonicwall.com
NVD status: Analyzed
Products: sonicos

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Known exploits

Data from CISA

Vulnerability name: SonicWall SonicOS SSLVPN Improper Authentication Vulnerability
Exploit added on: Feb 18, 2025
Exploit action due: Mar 11, 2025
Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

PSIRT@sonicwall.com: CWE-287

Social media

Hype score: Not currently trending
  1. Sinobi Ransomware has surfaced with a 63.2% code overlap to Lynx, targeting US manufacturing and healthcare. Operating as a hybrid RaaS, it exploits VPN vulnerabilities like CVE-2024-53704 to deploy double extortion attacks. Read more: https://t.co/tGfZ63zgic #Ransomware

    @socradar

    17 Feb 2026

    410 Impressions

    1 Retweet

    4 Likes

    2 Bookmarks

    1 Reply

    0 Quotes

  2. Sinobi ransomware hit hundreds of U.S. orgs in under a year. Primary entry: stolen VPN credentials and SonicWall CVE-2024-53704. Full attack chain breakdown → https://t.co/8wibruZLdQ #Ransomware #IncidentResponse #CyberSecurity #ThreatIntel #RansomwareAttack #InfoSec https://t

    @Proven_Data

    9 Feb 2026

    180 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. ⚠️ Authentication bypass vulnerabilities in Palo Alto Networks PAN-OS (CVE-2025-0108) and SonicWall SSLVPN (CVE-2024-53704) are being exploited. CISA has added them to its catalog as known exploited vulnerabilities, and prompt patch

    @SecTrendjp99886

    2 Jun 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. The New Vulnerable SonicWall SSL VPN (CVE-2024-53704) A critical security vulnerability identified as CVE-2024-53704 was disclosed, affecting SonicWall's SonicOS operating system. This vulnerability resides in the SSLVPN authentication mechanism and allows remote attackers to ht

    @PPHM_HackerNews

    31 May 2025

    82 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. SonicWall SSLVPN flaw (CVE-2024-53704) is UNDER ATTACK! Ransomware gangs are hijacking networks, with 11,000+ devices vulnerable. “An ounce of prevention is worth a pound of cure.” Stop threats FIRST with https://t.co/3ZPWK35LoY’s WEBOUNCER— locks out hackers. #websecurity

    @WEBOUNCER_

    24 Apr 2025

    41 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 🚨 SonicWall Firewall Vulnerability Alert 🚨 CVE-2024-53704 allows attackers to hijack SSL VPN sessions and access private networks. 🔓 🔧 Fix: Patch ASAP with SonicOS 7.1.3-7015+ or 8.0.0-8037+ https://t.co/69VQA0zfeo ⚠️ Act fast – Over 11,000 vulnerable devices detected! http

    @Hosainfosec

    5 Apr 2025

    44 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  7. .@bishopfox doesn't just report vulns—we help our customers stay ahead. Our researchers exploited #SonicWall CVE-2024-53704, critical auth bypass that allows remote, unauthenticated session hijacking. Full details: https://t.co/mgQMzKWU7q https://t.co/XqkHsrtkzV

    @behkfox

    28 Feb 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. SonicWall has released security updates addressing a critical vulnerability (CVE-2024-53704) affecting their SonicOS software. Users and administrators of affected products are advised to update to the latest versions immediately. Read the alert here: https://t.co/41Qcn1u5gY ht

    @CSAsingapore

    25 Feb 2025

    104 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. #exploit 1. macOS PackageKit Exploits https://t.co/REhVEuqtU6 2. CVE-2024-53704: SonicWall SSL VPN Session Hijacking https://t.co/JpSb5kZVnZ 3. CVE-2024-54527: MediaLibraryService Full TCC Bypass, Dive Deep into AMFI https://t.co/62vbuwlVrw

    @akaclandestine

    21 Feb 2025

    280 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  10. Beware of CVE-2024-53704! The vulnerability in SonicOS allows attackers to access internal networks without authentication. Update your firmware and implement MFA to protect your data. The CISA deadline is 11/03/2025. Don't stay vulnerable!

    @IncursioHack

    19 Feb 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. The SonicWall VPN vulnerability (CVE-2024-53704) is a critical 9.8/10 threat. With proof-of-concept public, patching is urgent to protect 4,500+ endpoints. Cybersecurity is a business priority—act now. #CyberResilience #ZeroTrust #PatchManagement https://t.co/6N5SXvKukF https://t

    @nabeelmahmood

    19 Feb 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. 🚨Critical vulnerabilities in Palo Alto Networks PAN-OS (CVE-2025-0108) & SonicWall SonicOS SSLVPN (CVE-2024-53704) are being actively exploited! ⚠️ Exploits traced to U.S., Germany & Netherlands ⚠️ Patch NOW before it’s too late! #CyberSecurity #CISA https://t.co/3sO307

    @syberintel

    19 Feb 2025

    53 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  13. 🚨 Two critical vulnerabilities in Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN are actively exploited, now added to CISA's KEV catalog. CVE-2025-0108 allows unauthenticated attackers to bypass PAN-OS security, while CVE-2024-53704 compromises SSLVPN authentication.… h

    @TheHackersNews

    19 Feb 2025

    38323 Impressions

    48 Retweets

    108 Likes

    15 Bookmarks

    6 Replies

    2 Quotes

  14. 🛡️ We added Palo Alto PAN-OS, CVE-2025-0108 & SonicWall SonicOS, CVE-2024-53704 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/cucCemLnWZ

    @CISACyber

    18 Feb 2025

    11451 Impressions

    42 Retweets

    79 Likes

    10 Bookmarks

    1 Reply

    4 Quotes

  15. SonicWall firewalls are under attack as CVE-2024-53704 is exploited in the wild following a PoC release. More details: 🔗 https://t.co/7NJOVLIQpp #CyberSecurity #Vulnerability

    @adriananglin

    18 Feb 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. SonicWall Firewalls Under Attack: CVE-2024-53704 Exploited in the Wild, PoC Released https://t.co/A7dIn70DZ0

    @Dinosn

    18 Feb 2025

    1688 Impressions

    3 Retweets

    3 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  17. 🚨🚨SonicWall Firewalls Under Attack: CVE-2024-53704 Exploited in the Wild ⚠️Attackers are leveraging this vulnerability to gain unauthorized access to networks, potentially leading to data breaches, ransomware deployment, and other malicious activities. ZoomEye… https://t.co/uz

    @zoomeye_team

    18 Feb 2025

    785 Impressions

    7 Retweets

    12 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  18. Unpacking the SonicWall Firewall Vulnerability: CVE-2024-53704 https://t.co/QbEZsXeHEi #sonicwall #cve202453704 #firewallvulnerability #networksecurity #cybersecurity #vpnsecurity #patchmanagement #infosec #cyberthreats

    @DefendOpsHQ

    18 Feb 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. #exploit 1. macOS PackageKit Exploits https://t.co/zx4w5Y8Mrh 2. CVE-2024-53704: SonicWall SSL VPN Session Hijacking https://t.co/30mzp4qbep 3. CVE-2024-54527: MediaLibraryService Full TCC Bypass, Dive Deep into AMFI https://t.co/LkTNEQz3jx

    @ksg93rd

    17 Feb 2025

    239 Impressions

    2 Retweets

    5 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. 🔴 A security flaw in SonicWall firewalls (CVE-2024-53704), found in the SSLVPN authentication mechanism, affects versions 7.1.x (up to 7.1.1-7058), 7.1.2-7019 and 8.0.0-8035, used in Gen 6 and Gen 7 models and SOHO series devices. 🧉 https

    @MarquisioX

    16 Feb 2025

    40 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. A critical authentication bypass vulnerability in SonicWall firewalls, identified as CVE-2024-53704, is currently being actively exploited in the wild. https://t.co/kVZpkmEJmT

    @TAAUSLLC

    16 Feb 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. 🔥 SonicWall Firewall Vulnerability Exploited in the Wild Read more: https://t.co/gVyvgOjSGp 📌 Vulnerability tracked as CVE-2024-53704, being actively exploited in the wild. 📌 Successful exploitation bypasses multi-factor authentication (MFA). #cybersecurity

    @gbhackers_news

    16 Feb 2025

    76 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  23. 🔥 SonicWall Firewall Vulnerability Exploited in the Wild | Read more: https://t.co/XTiofAIBCR 📌 Vulnerability tracked as CVE-2024-53704, being actively exploited in the wild. 📌 Successful exploitation bypasses multi-factor authentication (MFA). 📌 Historically, these types of

    @The_Cyber_News

    16 Feb 2025

    532 Impressions

    3 Retweets

    5 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. A critical CVE-2024-53704 vulnerability in SonicWall firewalls is being exploited, allowing unauthorized access via SSL VPN. Urgent firmware upgrades are necessary to mitigate risks. 🔒 #SonicWall #VPNHacks #USA link: https://t.co/8rDUvPNe5S https://t.co/YkrY4mDjXz

    @TweetThreatNews

    15 Feb 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. ⚠️ Vulnerability Alert: SonicWall Firewall Authentication Bypass Vulnerability 📅 Timeline: Disclosure: 2024-11-05, Patch: 2025-01-07 📌 Attribution: Bishop Fox 🆔cveId: CVE-2024-53704 📊baseScore: 9.8 📏cvssMetrics: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvssSeverity: Critical…

    @syedaquib77

    14 Feb 2025

    22 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  26. Urgent alert: A high-severity vulnerability (CVE-2024-53704) in SonicWall firewalls is being actively exploited, enabling authentication bypass. Many systems are at risk despite available patches. 🔒⚠️ #SonicWall #SSLVPN #USA link: https://t.co/J0zvLkH4Sj https://t.co/sv6JYltJf4

    @TweetThreatNews

    14 Feb 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. SonicWall VPN Exploit Lets Hackers Hijack Sessions! A critical flaw (CVE-2024-53704) allows attackers to hijack active VPN sessions without authentication! ⚠️ 4,500+ servers remain unpatched—public exploit code is out! Update firmware NOW! https://t.co/njpUe2A5Ii… https://t.co

    @dCypherIO

    13 Feb 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. CVE-2024-53704 impacts SonicWall #CVE-2024-53704 #Sonicwall https://t.co/wxLyasubHw

    @pravin_karthik

    13 Feb 2025

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. Security researchers at Bishop Fox have released a full exploit for CVE-2024-53704, a critical authentication bypass flaw in SonicWall SSL VPN. Attackers can hijack active VPN sessions using a specially crafted session cookie, potentially gaining access to internal networks. http

    @cyberbulletins

    12 Feb 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. Bishop Fox researchers disclosed full exploit details for CVE-2024-53704, an authentication bypass in SonicOS SSLVPN. https://t.co/lrFhwdJuh5 #rhymtech #thinkcyberthinkrhym #rhymcyberupdates

    @Rhym_Tech

    12 Feb 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. How can a user's logged-in VPN session be taken over in a trivial way? ❌ This concerns a critical, recently patched vulnerability in SonicWall VPN devices (CVE-2024-53704) Attack outline: ✅ The victim logs in to the VPN (enters login / password / possibly a 2FA code) - so nothing out of the ordinary…

    @Sekurak

    11 Feb 2025

    4807 Impressions

    9 Retweets

    44 Likes

    12 Bookmarks

    2 Replies

    0 Quotes

  32. 🚨 Understanding #CVE-2024-53704: A Critical Flaw in SonicOS SSLVPN Exposed by Bishop Fox https://t.co/7j2B3ETSQX

    @UndercodeNews

    11 Feb 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. Bishop Fox security researchers have released detailed exploitation details for the CVE-2024-53704 vulnerability, which allows hackers to bypass authentication in certain versions of the SonicOS SSLVPN application. #security #sonicos https://t.co/17GDU94aAP

    @Strivehawk

    11 Feb 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. Critical SonicWall vulnerability CVE-2024-53704 allows hackers to hijack SSL VPN sessions. Immediate firmware updates are essential to mitigate risks. 🛡️🔒 #SonicWall #VPNSecurity #USA link: https://t.co/nrVdqosRn5 https://t.co/sVMVkhNefR

    @TweetThreatNews

    11 Feb 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. .@bishopfox researchers exploited #SonicWall CVE-2024-53704, critical auth bypass that allows remote, unauthenticated session hijacking. Full details: https://t.co/gGX9VVkqle https://t.co/wENdbeO4yu

    @rachchism

    10 Feb 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. We don’t just report vulns—we help our customers stay ahead. Our researchers exploited #SonicWall CVE-2024-53704, critical auth bypass that allows remote, unauthenticated session hijacking. Full details: https://t.co/Ygaox1kGkv https://t.co/3LCFizkex2

    @bishopfox

    10 Feb 2025

    190 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

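  37. Critical SonicOS authentication bypass vulnerability CVE-2024-53704 fixed: PoC also released https://t.co/O6iYsPDbH5 A PoC has been published for CVE-2024-53704, the vulnerability in SonicOS used by SonicWall SSLVPN. There was reportedly no evidence of exploitation when the vulnerability was disclosed, but teams using it should be sufficiently… https://t.co/Ad6tZsMPr4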

    @iototsecnews

    10 Feb 2025

    125 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. A critical flaw in #SonicWall CVE-2024-53704 allows remote VPN session hijacking. If you're using SonicOS versions 7.1.x, 7.1.2-7019, or 8.0.0-8035, take action—over 5,000 devices are still vulnerable! Safeguard yourself: https://t.co/PgAE6X0a9w #cybersecurity #VPN #SonicWall

    @behkfox

    2 Feb 2025

    60 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. SonicWall CVE-2024-53704: Authentication Bypass even with MFA enabled! - https://t.co/PqqNfawoEh

    @Cysafenews

    31 Jan 2025

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. Hey, quick question anyone here using SonicWall firewalls? Apparently, there’s a huge security flaw (CVE-2024-53704) that lets hackers take over VPN sessions. Patching is a must, or just disable SSL VPN if you can’t. Details go public Feb 10. Thoughts?

    @BrookyCyberAU

    31 Jan 2025

    180 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  41. Hey, quick question anyone here using SonicWall firewalls? Apparently, there’s a huge security flaw (CVE-2024-53704) that lets hackers take over VPN sessions. Patching is a must, or just disable SSL VPN if you can’t. Details go public Feb 10. Thoughts?

    @BrookyCyberAU

    31 Jan 2025

    174 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  42. Hey, quick question anyone here using SonicWall firewalls? Apparently, there’s a huge security flaw (CVE-2024-53704) that lets hackers take over VPN sessions. Patching is a must, or just disable SSL VPN if you can’t. Details go public Feb 10. Thoughts?

    @BrookyCyberAU

    31 Jan 2025

    74 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  43. SonicWall Firewalls at Risk! 🚨 Hackers can break into thousands of SonicWall firewalls due to a serious flaw (CVE-2024-53704). If you use one, update NOW or disable SSL VPN! 🛑 Fix it: ✅ Update SonicOS (7.1.3-7015+ or 8.0.0-8037+) ✅ Disable SSL VPN if you can’t patch

    @BrookyCyberAU

    31 Jan 2025

    100 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. 🚨 Major vulnerability alert: SonicWall disclosed CVE-2024-53704, allowing attackers to hijack SSLVPN sessions on Gen7 Firewalls. Critical risk for network security. 🔒 #SonicWall #SSLVPN #USA link: https://t.co/7dBarNFXls https://t.co/HAKfGDExzW

    @TweetThreatNews

    28 Jan 2025

    89 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  45. The Rapid7 ETR team just published an analysis of CVE-2024-53704, a SonicWall VPN authentication bypass that was announced earlier this month. Check it out! https://t.co/ZLB7SnyX39

    @the_emmons

    28 Jan 2025

    10279 Impressions

    22 Retweets

    63 Likes

    17 Bookmarks

    2 Replies

    2 Quotes

  46. #Alert More than 5,000 SonicWall firewalls are still vulnerable to attack (CVE-2024-53704) 5,000+ SonicWall firewalls still open to attack (CVE-2024-53704) #HelpNetSecurity (Jan 27) https://t.co/hDprWFvnim

    @foxbook

    27 Jan 2025

    83 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  47. 5,000+ #SonicWall #firewalls still open to attack (#CVE-2024-53704) https://t.co/nBwDkBVdf3

    @ScyScan

    27 Jan 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  48. SonicWall CVE-2024-53704: SSL VPN Session Hijacking https://t.co/eidfMtfIds

    @Dinosn

    22 Jan 2025

    2759 Impressions

    13 Retweets

    36 Likes

    8 Bookmarks

    0 Replies

    0 Quotes

  49. A vulnerability with the identifier CVE-2024-53704 has recently been published for SonicWall's SSH management and VPN products. SonicWall firewalls version 6.5.4.15-117n and older have this vulnerability. https://t.co/Poz3aKY03t https://t.co/ASQSreK18Q

    @AmirHossein_sec

    12 Jan 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  50. CVE-2024-53704 impacts SonicWall #CVE-2024-53704 #SonicWall https://t.co/JIKpnqT0oD

    @pravin_karthik

    11 Jan 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

  1. Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) mishandle the authentication of AAD (Additional Authenticated Data) with an empty ciphertext, allowing a forgery of such messages. Impact summary: An attacker can forge empty messages with arbitrary AAD to the victim's application using these ciphers. AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) are nonce-misuse-resistant AEAD modes: they accept a key, nonce, optional AAD (bytes that are authenticated but not encrypted), and plaintext, and produce ciphertext plus a 16-byte tag. On decrypt, `EVP_DecryptFinal_ex()` is documented to return success only if the tag is verified successfully. In OpenSSL's provider implementation of these ciphers, the expected tag is computed only when the decryption function is invoked with non-empty data. If the caller supplies AAD and then calls `EVP_DecryptFinal_ex()` without invoking the ciphertext update, which can happen when the received ciphertext length is zero, the tag is never recalculated and still holds its all-zeros value. When AES-GCM-SIV is used, an attacker who sends arbitrary AAD, an empty ciphertext, and an all-zeros tag passes authentication under any key they do not know, single-shot. When AES-SIV is used, mounting the attack requires the application to reuse the decryption context without resetting the key. AES-SIV has been implemented since OpenSSL 3.0. AES-GCM-SIV has been implemented since OpenSSL 3.2. No protocols implemented in OpenSSL itself (TLS/CMS/PKCS7/HPKE/QUIC) support either AES-GCM-SIV or AES-SIV. For an attack to be possible, the application must implement its own protocol and use the EVP interface. It must also skip the ciphertext update when a message with an empty ciphertext arrives. The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this issue, as these algorithms are not FIPS approved and the affected code is outside the OpenSSL FIPS module boundary. CVE-2026-45446
  2. Issue summary: When an application drives an AES-OCB context through the public EVP_Cipher() one-shot interface, the application-supplied initialisation vector (IV) is silently discarded. Impact summary: Every message encrypted under the same key uses the same effective nonce regardless of the IV supplied by the caller, resulting in (key, nonce) reuse and loss of confidentiality. If the same code path is used to compute the authentication tag, the tag depends only on the (key, IV) pair and not on the plaintext or ciphertext, allowing universal forgery of arbitrary ciphertext from a single captured message. OpenSSL provides two ways to drive a cipher: the documented streaming interface (EVP_CipherUpdate / EVP_CipherFinal_ex) and a lower-level one-shot, EVP_Cipher(), whose documentation explicitly recommends against use by applications in favour of EVP_CipherUpdate() and EVP_CipherFinal_ex(). The OCB provider's streaming handler flushes the application-supplied IV into the OCB context before processing data; the one-shot handler did not. Every call to EVP_Cipher() on an AES-OCB context therefore ran with the all-zero key-derived offset state left by cipher initialisation, regardless of the caller's IV. If EVP_EncryptFinal_ex() is subsequently used to obtain the authentication tag, the deferred IV setup runs at that point and clears the running checksum that should have been accumulated over the plaintext. The resulting tag is a function of (key, IV) only and verifies against any ciphertext produced under the same (key, IV) pair. The OpenSSL SSL/TLS implementation is not affected: AES-OCB is not a TLS cipher suite, and libssl does not call EVP_Cipher() in any case. Applications that drive AES-OCB through the documented streaming AEAD API (EVP_CipherUpdate / EVP_CipherFinal_ex) are not affected. Only applications that combine the AES-OCB cipher with the EVP_Cipher() one-shot API are vulnerable. The FIPS modules in 4.0, 3.6, 3.5, 3.4 and 3.0 are not affected by this issue, as AES-OCB is outside the OpenSSL FIPS module boundary. CVE-2026-45445
  3. Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnerable to a Bleichenbacher-style attack when an attacker is able to provide the CMS or S/MIME messages and observe the error code and/or decryption output. Impact summary: The Bleichenbacher-style attack allows an attacker to use the victim's vulnerable application as a way to decrypt or sign messages with the victim's private RSA key. The attack is possible in 2 variants. 1. The decryption API (CMS_decrypt(), PKCS7_decrypt()) is used without providing the recipient certificate. In this case OpenSSL iterates over every KeyTransRecipientInfo (KTRI) without stopping at the first success. An attacker who authors a message with two KTRI entries (the first one wrapping a real CEK under the victim's public key, the second with an arbitrary probe ciphertext) obtains the opportunity to iterate the 2nd KTRI to get a valid PKCS#1 v1.5 padding if the error code of the application is available. That is a Bleichenbacher oracle (Bleichenbacher, CRYPTO '98): an adaptive-chosen-ciphertext side channel from which the attacker decrypts any RSA ciphertext to the victim's key or forges any PKCS#1 v1.5 signature under it. 2. When the decryption API (CMS_decrypt(), PKCS7_decrypt()) is provided with the recipient certificate, and the recipient is not found, a random key is substituted. An attacker who authors a message and is able to compare both the error code and the result of the decryption can mount a Bleichenbacher oracle. We are not aware of any applications that provide a remote attacker an opportunity to mount an attack described in these scenarios. We consider the existence of such an application very unlikely, and for this reason this CVE has been evaluated as Low severity. To avoid these attacks, when RSA PKCS#1 v1.5 Key Transport is in use, the invoked EVP_PKEY_decrypt() will use the implicit rejection mechanism described in draft-irtf-cfrg-rsa-guidance. In previous OpenSSL releases the implicit rejection was explicitly disabled. The implicit rejection mechanism always returns a plaintext value, the symmetric key. This result is deterministic for the ciphertext and the private key. The length of the decryption result can happen to match the length of the key of the symmetric cipher that was used for the content encryption. When a certificate is not provided, the last RecipientInfo producing a key that looks valid will be used. This may result in garbage content on decryption. The proper way to deal with this is to provide a recipient certificate that identifies the particular RecipientInfo for decryption. The FIPS modules in 4.0, 3.6, 3.5, and 3.4 are not affected by this issue, as CMS and S/MIME processing happens outside the OpenSSL FIPS module boundary. CVE-2026-42768
  4. Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, the peer key is not properly checked for the subgroup membership. Impact summary: A malicious peer which presents an X9.42 key carrying the victim's p and g parameters, a forged q = r (a small prime factor of the cofactor (p−1)/q_local), and a public value Y of order r can recover the victim's private key after a small number of key exchange attempts. When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, the subgroup membership check Y^q ≡ 1 (mod p) is performed using the peer's own q parameter, not the local key's q. The peer's domain parameters are then matched against the domain parameters of the private key, but the value of q is not compared. A malicious peer who presents an X9.42 key carrying the victim's p, g, a forged q = r (a small prime factor of the cofactor), and a public value Y of order r passes all checks. The shared secret then takes only r distinct values, leaking priv mod r. Repeating for each small-prime factor of the cofactor and combining via CRT recovers the full private key (Lim–Lee / small-subgroup-confinement attack). The realistic attack surface is narrow: principally CMP deployments with long-lived RA/CA DHX keys and bespoke enterprise or government applications using X9.42 DHX static keys with interactive protocols, and therefore this issue was assigned Low severity. The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are affected by this issue. CVE-2026-42770