CVE-2026-45446 Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes

🗓️ 09 Jun 2026 16:03:32Reported by opensslType

Incorrect tag handling for empty messages in AES-SIV and AES-GCM-SIV enables forgery with arbitrary authenticated data.

Reporter	Title	Published	Views	Family All 3
CVE	CVE-2026-45446	9 Jun 202616:03	–	cve
NVD	CVE-2026-45446	9 Jun 202617:17	–	nvd
Positive Technologies	PT-2026-47843	9 Jun 202600:00	–	ptsecurity

[
  {
    "defaultStatus": "unaffected",
    "product": "OpenSSL",
    "vendor": "OpenSSL",
    "versions": [
      {
        "lessThan": "4.0.1",
        "status": "affected",
        "version": "4.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "3.6.3",
        "status": "affected",
        "version": "3.6.0",
        "versionType": "semver"
      },
      {
        "lessThan": "3.5.7",
        "status": "affected",
        "version": "3.5.0",
        "versionType": "semver"
      },
      {
        "lessThan": "3.4.6",
        "status": "affected",
        "version": "3.4.0",
        "versionType": "semver"
      },
      {
        "lessThan": "3.0.21",
        "status": "affected",
        "version": "3.0.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
github	www.github.com/openssl/security/commit/daca0f48e4a69a2892a62262bad59e62a8a76598
github	www.github.com/openssl/security/commit/71e2a5d263518cf5866043bd60ee4994d59e53a3
github	www.github.com/openssl/security/commit/eec5e9bf0d867333b8495e456f5235d225798a68
github	www.github.com/openssl/security/commit/7fe3f33a3b3a4c487aa4dcdbc87057f66ffd2b85
openssl-library	www.openssl-library.org/news/secadv/20260609.txt
github	www.github.com/openssl/security/commit/25b32cd9d41d2bc01b6abc425bb4baf2c2236fdc

09 Jun 2026 16:03Current

CWE-325