Amazon Linux 2023 : openssl, openssl-devel, openssl-fips-provider-latest (ALAS2023-2026-1853)

critical Nessus Plugin ID 322070

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1853 advisory.

Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read on 64-bit Unix and Unix-like platforms.

Impact summary: The heap buffer over-read may crash the application (Denial of Service) or load memory contents from beyond the end of the input buffer into the decoded ASN.1 object. More typically such ASN.1 elements would instead be truncated.

An integer truncation in OpenSSL's ASN.1 decoder causes the content length of an ASN.1 primitive element to be mishandled when it exceeds 2 gigabytes. In the worst case the truncated length is treated as a request to scan the binary content for a terminating zero byte, possibly causing OpenSSL to read either less than or beyond the end of the allocated buffer.

Applications that pass attacker-supplied data to d2i_X509(), d2i_PKCS7(), or any other d2i_* decoding function are affected. OpenSSL's own command-line tools are not vulnerable, as data read through the BIO layer is checked before it reaches the affected code. The issue only affects 64-bit Unix and Unix-like platforms; 32-bit platforms and 64-bit Windows are not affected.

The FIPS modules in 4.0, 3.6, 3.5, 3.4 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary. (CVE-2026-34180)
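As an added illustration (not OpenSSL's own code), the following Python models the length truncation described above: a minimal DER header parser, what happens when a declared length above 2 gigabytes is narrowed to a 32-bit signed int, and the bounds check against the remaining input that a decoder needs. The header encoder and the sample inputs are constructed for this example.

```python
import struct


def to_c_int(value: int) -> int:
    """Emulate storing a non-negative Python int in a 32-bit signed C int."""
    return struct.unpack("<i", struct.pack("<I", value & 0xFFFFFFFF))[0]


def parse_der_header(buf: bytes, offset: int = 0):
    """Parse the tag and length of the DER element starting at buf[offset].

    Returns (tag, length, body_offset). Only single-byte tags are handled;
    indefinite and non-minimal lengths are rejected, as DER requires.
    """
    if offset + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[offset], buf[offset + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags not handled in this example")
    pos = offset + 2
    if first < 0x80:                      # short form: a single length byte
        return tag, first, pos
    nbytes = first & 0x7F
    if nbytes == 0 or nbytes > 8:
        raise ValueError("indefinite or oversized length is not valid DER")
    if pos + nbytes > len(buf):
        raise ValueError("truncated length field")
    length = int.from_bytes(buf[pos:pos + nbytes], "big")
    if buf[pos] == 0 or length < 0x80:    # leading zero byte / needless long form
        raise ValueError("non-minimal DER length")
    return tag, length, pos + nbytes


def naive_content_length(buf: bytes) -> int:
    """Model of the defect: the decoded length is narrowed to a C int before it
    is used, so a length above 2^31 - 1 wraps negative. A result of -1 is the
    case the advisory describes, where the length is taken as a request to scan
    the content for a terminating zero byte. (Model only, not OpenSSL code.)"""
    _, length, _ = parse_der_header(buf)
    return to_c_int(length)


def safe_content_length(buf: bytes) -> int:
    """Hardened version: the declared length stays an unbounded integer and must
    fit inside the input that actually follows the header."""
    _, length, body = parse_der_header(buf)
    available = len(buf) - body
    if length > available:
        raise ValueError(f"declared length {length} exceeds {available} available bytes")
    return length


def make_header(tag: int, length: int) -> bytes:
    """Encode a DER tag and length (no content); used to build the test inputs."""
    if length < 0x80:
        return bytes([tag, length])
    lb = length.to_bytes((length.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb


OCTET_STRING = 0x04
# Constructed samples: a well-formed 5-byte element, and two headers that
# declare far more content than the input holds (4 GiB - 1 and exactly 2 GiB).
SMALL = make_header(OCTET_STRING, 5) + b"hello"
HUGE_FFFFFFFF = make_header(OCTET_STRING, 0xFFFFFFFF)
HUGE_2GIB = make_header(OCTET_STRING, 0x80000000)

if __name__ == "__main__":
    print("narrowed lengths:", naive_content_length(HUGE_FFFFFFFF),
          naive_content_length(HUGE_2GIB))
    for sample in (SMALL, HUGE_FFFFFFFF):
        try:
            print("bounds-checked length:", safe_content_length(sample))
        except ValueError as err:
            print("rejected:", err)
```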

Issue Summary: The PKCS#12 file processing fails to perform sufficient input validation for files that use the Password-Based Message Authentication Code 1 (PBMAC1) integrity mechanism, allowing a certificate and private key forgery.

Impact Summary: An attacker impersonating a user can cause a service reading PKCS#12 files to accept forged certificates and private keys with a 1 in 256 probability.

If a service accepting PKCS#12 files is using passwords for authenticating the received files, the attacker can create unencrypted PKCS#12 files that use PBMAC1 authentication that specifies an HMAC key of only one byte, allowing them to craft a file that will be accepted with a 1 in 256 probability. That would then cause the service to accept a certificate and private key controlled by the attacker.

The FIPS modules are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary. (CVE-2026-34181)

Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises.

Impact Summary: Attackers making use of these vulnerabilities may achieve key-equivalent functionality for a given CMS recipient and/or bypass integrity validation for a given message.

In one use case, an attacker may send a CMS message containing AuthEnvelopedData with the cipher specified as a non-AEAD cipher. OpenSSL erroneously allows this selection, and attempts to decrypt and validate the message.

An on-path attacker who captures one legitimate AES-GCM AuthEnvelopedData addressed to the victim can re-emit it with the recipientInfos set left byte-for-byte intact, so the victim's private key still unwraps the genuine CEK (the content-encryption key), but with the inner OID rewritten to AES-256-OFB (Output Feedback Mode, an unauthenticated keystream mode) and with an attacker-chosen IV and ciphertext. The victim initializes AES-256-OFB under the real CEK, never consults the MAC field, and CMS_decrypt() returns success.

If the application under attack responds to the attacker with any indicator showing success or failure of the decryption effort, it is possible for the attacker to use this as an oracle to obtain key-equivalent functionality for the CEK used for the chosen recipient of the message.

In another use case, an attacker can reduce the tag length of the chosen AEAD cipher for a given AuthEnvelopedData container to be a single byte long, allowing an attacker to brute force CMS decryption, producing an integrity bypass for applications that trust CMS_decrypt() to reject modified content.

The FIPS modules are not affected by this issue. (CVE-2026-34182)

Issue summary: A remote peer may exhaust heap memory of the QUIC server or client by flooding it with packets containing PATH_CHALLENGE frames.

Impact summary: A malicious remote peer can cause an unbounded memory allocation which can lead to an abnormal termination of the application acting as a QUIC client or server and a Denial of Service.

A remote peer may exhaust heap memory by flooding the local QUIC stack with PATH_CHALLENGE frames. The local QUIC stack allocates a PATH_RESPONSE frame for every PATH_CHALLENGE it receives. The allocated PATH_RESPONSE frame gets freed only when the remote peer acknowledges reception of the PATH_RESPONSE frame, which will not be done by a malicious peer.

The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this issue. The QUIC stack is outside of the OpenSSL FIPS module boundary. (CVE-2026-34183)

Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled.

Impact summary: A NULL pointer dereference typically causes abnormal termination of the affected QUIC server process and a Denial of Service.

If the address validation is disabled in the OpenSSL QUIC server implementation, an attacker can crash the server by sending an initial packet with an invalid or expired token.

By default, the client address validation is enabled in the OpenSSL QUIC server implementation, which makes the default configuration not vulnerable to this issue. However, if the SSL_LISTENER_FLAG_NO_VALIDATE flag is used with the SSL_new_listener() call, the address validation is disabled, making the vulnerable code reachable.

The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary. (CVE-2026-42764)

Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryption.

Impact summary: This NULL pointer dereference leads to an application crash and a Denial of Service.

The CMS PasswordRecipientInfo.keyDerivationAlgorithm field is defined as OPTIONAL in the ASN.1 specification and may therefore be absent in specially crafted inputs. During the password-based CMS decryption the OpenSSL CMS implementation dereferences this field without first checking whether it was present.

An attacker who supplies such a CMS message to an application performing password-based CMS decryption can trigger an application crash, leading to a Denial of Service.

Applications that process password-encrypted CMS messages may be affected.

The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary. (CVE-2026-42766)

Issue summary: An attacker-controlled CMP (Certificate Management Protocol) server could trigger a NULL pointer dereference in a CMP client application.

Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service.

An attacker controlling a CMP server (or acting as a man-in-the-middle) could craft a CMP response containing a CRMF (Certificate Request Message Format) CertRepMessage with an EncryptedValue structure where the symmAlg field has an algorithm OID but no parameters field. When the OpenSSL CMP client processes this response, the NULL dereference occurs, causing a crash of the CMP client.

Applications that process untrusted CMP/CRMF messages may be affected.

The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary. (CVE-2026-42767)

Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnerable to a Bleichenbacher-style attack when an attacker is able to provide the CMS or S/MIME messages and observe the error code and/or decryption output.

Impact summary: The Bleichenbacher-style attack allows an attacker to use the victim's vulnerable application as a way to decrypt or sign messages with the victim's private RSA key.

The attack is possible in 2 variants.

1. The decryption API (CMS_decrypt(), PKCS7_decrypt()) is used without providing the recipient certificate. In this case OpenSSL iterates over every KeyTransRecipientInfo (KTRI) without stopping at the first success.

An attacker who authors a message with two KTRI entries -- the first one wrapping a real CEK under the victim's public key, the second with an arbitrary probe ciphertext -- gains the opportunity to iterate the 2nd KTRI to get a valid PKCS#1 v1.5 padding if the error code of the application is available.

That is a Bleichenbacher oracle (Bleichenbacher, CRYPTO '98): an adaptive-chosen-ciphertext side channel from which the attacker decrypts any RSA ciphertext to the victim's key or forges any PKCS#1 v1.5 signature under it.

2. When the decryption API (CMS_decrypt(), PKCS7_decrypt()) is provided with the recipient certificate, and the recipient is not found, a random key is substituted.

An attacker who authors a message and is able to compare both the error code and the result of the decryption can mount a Bleichenbacher oracle.

We are not aware of any applications that provide a remote attacker an opportunity to mount an attack described in these scenarios. We consider the existence of such an application very unlikely, and for this reason this CVE has been evaluated as Low severity.

To avoid these attacks, when RSA PKCS#1 v1.5 Key Transport is in use, the invoked EVP_PKEY_decrypt() will use the implicit rejection mechanism described in draft-irtf-cfrg-rsa-guidance. In previous OpenSSL releases the implicit rejection was explicitly disabled.

The implicit rejection mechanism always returns a plaintext value, the symmetric key. This result is deterministic for the ciphertext and the private key. The length of the decryption result can happen to match the length of the key of the symmetric cipher that was used for the content encryption. When a certificate is not provided, the last RecipientInfo producing a key that looks valid will be used. This may cause garbage content to be returned on decryption. The proper way to deal with this is to provide a recipient certificate that identifies the particular RecipientInfo to use for decryption.

The FIPS modules in 4.0, 3.6, 3.5, and 3.4 are not affected by this issue, as CMS and S/MIME processing happens outside the OpenSSL FIPS module boundary. (CVE-2026-42768)

Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol (CMP) message response rendered the certificate validation ineffectual, which could lead to escalation of credentials from the Registration Authority (RA) level to the root Certification Authority (root CA) level.

Impact Summary: The Registration Authority could replace the root CA certificate for the CMP clients with an arbitrary root CA certificate.

One of the parts of the Certificate Management Protocol (CMP), specified in RFC 9810, is Root Certification Authority (root CA) key Rollover, which is sent by the server in a message with type 'id-it-rootCaKeyUpdate'. As part of these messages, the 'newWithOld' certificate, the new root CA certificate signed with the old root CA key, is provided, and verifying its signature is crucial for transferring the trust from the old CA key to the new one.

The 'id-it-rootCaKeyUpdate' messages are expected to be processed with OSSL_CMP_get1_rootCaKeyUpdate(), which is expected to verify the 'newWithOld' certificate. A typo in the certificate chain building code led to adding an incorrect certificate ('newWithOld' instead of 'oldRoot') to the certificate chain, rendering the certificate verification process ineffectual (only the issuer name and the algorithm OIDs were verified by other parts of the verification code).

An attacker who already has credentials that satisfy the CMP message protection checks can generate a new key pair and use a crafted self-signed certificate in its 'id-it-rootCaKeyUpdate' CMP messages which affected CMP clients would accept as a new trust anchor.

Significant preconditions for the attack (having valid RA-level credentials) are the reason the issue was assigned Low severity.

The FIPS modules are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary. (CVE-2026-42769)

Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, the peer key is not properly checked for subgroup membership.

Impact summary: A malicious peer which presents an X9.42 key carrying the victim's p and g parameters, a forged q = r (a small prime factor of the cofactor (p-1)/q_local), and a public value Y of order r can recover the victim's private key after a small number of key exchange attempts.

When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, the subgroup membership check Y^q ≡ 1 (mod p) is performed using the peer's own q parameter, not the local key's q. The peer's domain parameters are then matched against the domain parameters of the private key, but the value of q is not compared.

A malicious peer who presents an X9.42 key carrying the victim's p, g, a forged q = r (a small prime factor of the cofactor), and a public value Y of order r passes all checks. The shared secret then takes only r distinct values, leaking priv mod r. Repeating for each small-prime factor of the cofactor and combining via CRT recovers the full private key (Lim-Lee / small-subgroup-confinement attack).

The realistic attack surface is narrow: principally CMP deployments with long-lived RA/CA DHX keys and bespoke enterprise or government applications using X9.42 DHX static keys with interactive protocols, and therefore this issue was assigned Low severity.

The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are affected by this issue. (CVE-2026-42770)
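An added example (not OpenSSL's code) with toy-sized X9.42 parameters that shows why the peer's q must be compared with the local q and why the membership test must use the local q: the flawed check modelled here accepts a peer value of small order r, the corrected check rejects it, and the count of distinct shared secrets shows the confinement to r values that the advisory describes. All numbers are constructed for this illustration; the two check functions are models of the behaviour described above, not OpenSSL's implementation.

```python
# Toy X9.42 (DHX) parameters: p - 1 = 66 = 2 * 11 * 3, so the legitimate
# subgroup has prime order q = 11 and the cofactor 6 has the small prime factor 3.
# Real deployments use p of 2048 bits or more; these values only show the logic.
P = 67
Q_LOCAL = 11
G = 64          # 64 == -3 (mod 67) and (-3)^11 == 1 (mod 67): order 11
R = 3           # small prime factor of the cofactor (p - 1) / q
Y_ORDER_R = 37  # 37^3 == 1 (mod 67): generates the order-3 subgroup


def in_subgroup(y: int, q: int, p: int) -> bool:
    """Subgroup membership test: 1 < y < p - 1 and y^q == 1 (mod p)."""
    return 1 < y < p - 1 and pow(y, q, p) == 1


def flawed_peer_check(peer: dict, local: dict) -> bool:
    """Model of the defect described in the advisory: p and g are compared, the
    membership test runs with the peer's own q, and q itself is never compared.
    (Model only, not OpenSSL code.)"""
    return (peer["p"] == local["p"] and peer["g"] == local["g"]
            and in_subgroup(peer["y"], peer["q"], peer["p"]))


def hardened_peer_check(peer: dict, local: dict) -> bool:
    """Corrected check: every domain parameter including q must match the local
    key, and the membership test uses the local q."""
    return (peer["p"] == local["p"] and peer["g"] == local["g"]
            and peer["q"] == local["q"]
            and in_subgroup(peer["y"], local["q"], local["p"]))


def distinct_shared_secrets(peer_y: int, q: int, p: int) -> int:
    """Number of distinct values peer_y^priv (mod p) takes over all private keys
    priv in [1, q - 1]. For a peer value of small order r this is r, which is
    the confinement that leaks priv mod r."""
    return len({pow(peer_y, priv, p) for priv in range(1, q)})


LOCAL = {"p": P, "q": Q_LOCAL, "g": G}
# Constructed honest peer: a public value inside the order-11 subgroup.
HONEST_PEER = {"p": P, "q": Q_LOCAL, "g": G, "y": pow(G, 5, P)}
# Constructed malicious peer key: victim's p and g, forged q = r, y of order r.
FORGED_PEER = {"p": P, "q": R, "g": G, "y": Y_ORDER_R}

if __name__ == "__main__":
    for name, peer in (("honest", HONEST_PEER), ("forged", FORGED_PEER)):
        print(name, "flawed:", flawed_peer_check(peer, LOCAL),
              "hardened:", hardened_peer_check(peer, LOCAL),
              "distinct secrets:", distinct_shared_secrets(peer["y"], Q_LOCAL, P))
```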

Issue summary: When an application drives an AES-OCB context through the public EVP_Cipher() one-shot interface, the application-supplied initialisation vector (IV) is silently discarded.

Impact summary: Every message encrypted under the same key uses the same effective nonce regardless of the IV supplied by the caller, resulting in (key, nonce) reuse and loss of confidentiality. If the same code path is used to compute the authentication tag, the tag depends only on the (key, IV) pair and not on the plaintext or ciphertext, allowing universal forgery of arbitrary ciphertext from a single captured message.

OpenSSL provides two ways to drive a cipher: the documented streaming interface (EVP_CipherUpdate / EVP_CipherFinal_ex) and a lower-level one-shot, EVP_Cipher(), whose documentation explicitly recommends against use by applications in favour of EVP_CipherUpdate() and EVP_CipherFinal_ex(). The OCB provider's streaming handler flushes the application-supplied IV into the OCB context before processing data; the one-shot handler did not. Every call to EVP_Cipher() on an AES-OCB context therefore ran with the all-zero key-derived offset state left by cipher initialisation, regardless of the caller's IV.

If EVP_EncryptFinal_ex() is subsequently used to obtain the authentication tag, the deferred IV setup runs at that point and clears the running checksum that should have been accumulated over the plaintext. The resulting tag is a function of (key, IV) only and verifies against any ciphertext produced under the same (key, IV) pair.

The OpenSSL SSL/TLS implementation is not affected: AES-OCB is not a TLS cipher suite, and libssl does not call EVP_Cipher() in any case. Applications that drive AES-OCB through the documented streaming AEAD API (EVP_CipherUpdate / EVP_CipherFinal_ex) are not affected. Only applications that combine the AES-OCB cipher with the EVP_Cipher() one-shot API are vulnerable.

The FIPS modules in 4.0, 3.6, 3.5, 3.4 and 3.0 are not affected by this issue, as AES-OCB is outside the OpenSSL FIPS module boundary. (CVE-2026-45445)

Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) mishandle the authentication of AAD (Additional Authenticated Data) with an empty ciphertext, allowing a forgery of such messages.

Impact summary: An attacker can forge empty messages with arbitrary AAD to the victim's application using these ciphers.

AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) are nonce-misuse-resistant AEAD modes: they accept a key, nonce, optional AAD (bytes that are authenticated but not encrypted), and plaintext, and produce ciphertext plus a 16-byte tag. On decrypt, `EVP_DecryptFinal_ex()` is documented to return success only if the tag is verified successfully.

In OpenSSL's provider implementation of these ciphers, the expected tag is computed only when the decryption function is invoked with non-empty data. If the caller supplies AAD and then calls `EVP_DecryptFinal_ex()` without invoking the ciphertext update, which can happen when the received ciphertext length is zero, the tag is never recalculated and still holds its all-zeros value.

When AES-GCM-SIV is used, an attacker who sends arbitrary AAD, empty ciphertext, and an all-zeros tag passes authentication under any key they do not know, single-shot. When AES-SIV is used, mounting the attack requires the application to reuse the decryption context without resetting the key.

AES-SIV is implemented since OpenSSL 3.0. AES-GCM-SIV is implemented since OpenSSL 3.2.

No protocols implemented in OpenSSL itself (TLS/CMS/PKCS7/HPKE/QUIC) support either AES-GCM-SIV or AES-SIV. To mount an attack, the applications must implement their own protocol and use the EVP interface. Also they must skip the ciphertext update when a message with an empty ciphertext arrives.

The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this issue, as these algorithms are not FIPS approved and the affected code is outside the OpenSSL FIPS module boundary. (CVE-2026-45446)

Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature verification.

Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution.

When processing a PKCS#7 or S/MIME signed message, if the SignedData digestAlgorithms field is present as an empty ASN.1 SET, OpenSSL may incorrectly free a caller-owned BIO during PKCS7_verify(). A subsequent use of the BIO by the calling application results in a use-after-free condition.

In the common case this occurs when the application later calls BIO_free() on the BIO originally passed to PKCS7_verify(). Depending on allocator behavior and application-specific BIO usage patterns, this may result in a crash or other memory corruption. In some application contexts this may potentially be exploitable for remote code execution.

Applications that process PKCS#7 or S/MIME signed messages using OpenSSL PKCS#7 APIs may be affected. Applications using the CMS APIs for this processing are not affected.

The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary. (CVE-2026-45447)

Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1_mbstring_ncopy() can lead to a heap buffer overflow.

Impact summary: A heap buffer overflow may lead to a crash or possibly attacker controlled code execution or other undefined behaviour.

In ASN1_mbstring_copy() and ASN1_mbstring_ncopy() the destination size for Unicode output is computed in a signed int: by left shift of the input character count for BMPSTRING (UTF-16) and UNIVERSALSTRING (UTF-32), and by summing per-character byte counts for UTF8STRING. The calculation overflows when the input reaches around 2^30 characters. In the worst case (UNIVERSALSTRING at 2^30 characters) the size wraps to zero, OPENSSL_malloc(1) is called, and the subsequent character copy writes several gigabytes past the one-byte allocation.

X.509 certificate processing routes through ASN1_STRING_set_by_NID(), whose DIRSTRING_TYPE mask excludes UNIVERSALSTRING and whose per-NID size limits cap the input length; no network protocol or certificate-handling path in OpenSSL exercises the overflow. Triggering the bug requires an application that calls ASN1_mbstring_copy() or ASN1_mbstring_ncopy() directly, or registers a custom string type via ASN1_STRING_TABLE_add(), with attacker-controlled input on the order of half a gigabyte or more. For these reasons this issue was assigned Low severity.

The FIPS modules in 4.0, 3.6, 3.5, 3.4 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary. (CVE-2026-7383)

Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key unwrap) processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can trigger a heap out-of-bounds read in kek_unwrap_key().

Impact summary: A heap buffer over-read may trigger a crash which leads to Denial of Service for an application if the input buffer ends at a memory page boundary and the following page is unmapped. There is no information disclosure as the over-read bytes are not revealed to the attacker.

The key unwrapping function performs a check-byte test as specified in the RFC that reads 7 bytes from a heap allocation that is based on the wrapped key length from the message. There is a minimum length check based on the block length of the wrapping cipher. However, the cipher is selected from an OID carried in the attacker's PWRI keyEncryptionAlgorithm with no requirement that the cipher be a block cipher. When an attacker selects a stream-mode cipher the guard will be ineffective, and the allocated buffer containing the unwrapped key can be too small to fit the check bytes specified in the RFC, so a buffer over-read can happen.

Applications calling CMS_decrypt() or CMS_decrypt_set1_password() (equivalently openssl cms -decrypt -pwri_password ...) on untrusted CMS data are vulnerable to this issue. No password knowledge is required: the over-read happens during the unwrap attempt before any authentication succeeds.

The over-read is limited to a few bytes and is not written to output, so there is no information disclosure. Triggering a crash requires the allocation to border unmapped memory, which is unlikely with the normal allocator.

The FIPS modules are not affected by this issue. (CVE-2026-9076)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update openssl --releasever 2023.12.20260622' or 'dnf update --advisory ALAS2023-2026-1853 --releasever 2023.12.20260622' to update your system.

See Also

https://alas.aws.amazon.com//AL2023/ALAS2023-2026-1853.html

https://alas.aws.amazon.com/faqs.html

https://explore.alas.aws.amazon.com/CVE-2026-34180.html

https://explore.alas.aws.amazon.com/CVE-2026-34181.html

https://explore.alas.aws.amazon.com/CVE-2026-34182.html

https://explore.alas.aws.amazon.com/CVE-2026-34183.html

https://explore.alas.aws.amazon.com/CVE-2026-42764.html

https://explore.alas.aws.amazon.com/CVE-2026-42766.html

https://explore.alas.aws.amazon.com/CVE-2026-42767.html

https://explore.alas.aws.amazon.com/CVE-2026-42768.html

https://explore.alas.aws.amazon.com/CVE-2026-42769.html

https://explore.alas.aws.amazon.com/CVE-2026-42770.html

https://explore.alas.aws.amazon.com/CVE-2026-45445.html

https://explore.alas.aws.amazon.com/CVE-2026-45446.html

https://explore.alas.aws.amazon.com/CVE-2026-45447.html

https://explore.alas.aws.amazon.com/CVE-2026-7383.html

https://explore.alas.aws.amazon.com/CVE-2026-9076.html

Plugin Details

Severity: Critical

ID: 322070

File Name: al2023_ALAS2023-2026-1853.nasl

Version: 1.1

Type: Local

Agent: unix

Published: 6/22/2026

Updated: 6/22/2026

Supported Sensors: Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2026-45447

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2026-34182

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:openssl-debugsource, p-cpe:/a:amazon:linux:openssl-perl, p-cpe:/a:amazon:linux:openssl-fips-provider-latest-debuginfo, p-cpe:/a:amazon:linux:openssl-snapsafe-libs-debuginfo, p-cpe:/a:amazon:linux:openssl-snapsafe-libs, p-cpe:/a:amazon:linux:openssl-libs-debuginfo, p-cpe:/a:amazon:linux:openssl-devel, p-cpe:/a:amazon:linux:openssl-fips-provider-latest, p-cpe:/a:amazon:linux:openssl-debuginfo, p-cpe:/a:amazon:linux:openssl, cpe:/o:amazon:linux:2023, p-cpe:/a:amazon:linux:openssl-libs

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 6/22/2026

Vulnerability Publication Date: 6/9/2026

Reference Information

CVE: CVE-2026-34180, CVE-2026-34181, CVE-2026-34182, CVE-2026-34183, CVE-2026-42764, CVE-2026-42766, CVE-2026-42767, CVE-2026-42768, CVE-2026-42769, CVE-2026-42770, CVE-2026-45445, CVE-2026-45446, CVE-2026-45447, CVE-2026-7383, CVE-2026-9076

IAVA: 2026-A-0589