
Linux Distros Unpatched Vulnerability : CVE-2026-45445

10 Jun 2026 00:00:00 | Reported by Tenable | Type: nessus | Source: www.tenable.com

Unpatched Linux systems risk nonce reuse in AES-OCB because the OpenSSL EVP_Cipher() one-shot path ignores the application-supplied IV.

Related

Reporter: Title (Published, Family)
FreeBSD: OpenSSL -- Multiple vulnerabilities (9 Jun 2026 00:00, freebsd)
FreeBSD: FreeBSD -- Multiple vulnerabilities in OpenSSL (9 Jun 2026 00:00, freebsd)
AlpineLinux: CVE-2026-45445 (9 Jun 2026 16:03, alpinelinux)
Chainguard: CVE-2026-45445 vulnerabilities (11 Jun 2026 13:18, cgr)
Circl: CVE-2026-45445 (10 Jun 2026 04:55, circl)
CVE: CVE-2026-45445 (9 Jun 2026 16:03, cve)
Cvelist: CVE-2026-45445 AES-OCB IV Ignored on EVP_Cipher() Path (9 Jun 2026 16:03, cvelist)
Debian: [SECURITY] [DSA 6335-1] openssl security update (9 Jun 2026 21:45, debian)
Debian CVE: CVE-2026-45445 (9 Jun 2026 16:03, debiancve)
Tenable Nessus: Debian dsa-6335 : libcrypto3-udeb - security update (10 Jun 2026 00:00, nessus)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(320335);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/10");

  script_cve_id("CVE-2026-45445");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2026-45445");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - Issue summary: When an application drives an AES-OCB context through the public EVP_Cipher() one-shot
    interface, the application-supplied initialisation vector (IV) is silently discarded. Impact summary:
    Every message encrypted under the same key uses the same effective nonce regardless of the IV supplied by
    the caller, resulting in (key, nonce) reuse and loss of confidentiality. If the same code path is used to
    compute the authentication tag, the tag depends only on the (key, IV) pair and not on the plaintext or
    ciphertext, allowing universal forgery of arbitrary ciphertext from a single captured message. OpenSSL
    provides two ways to drive a cipher: the documented streaming interface (EVP_CipherUpdate /
    EVP_CipherFinal_ex) and a lower-level one-shot, EVP_Cipher(), whose documentation explicitly recommends
    against use by applications in favour of EVP_CipherUpdate() and EVP_CipherFinal_ex(). The OCB provider's
    streaming handler flushes the application-supplied IV into the OCB context before processing data; the
    one-shot handler did not. Every call to EVP_Cipher() on an AES-OCB context therefore ran with the all-zero
    key-derived offset state left by cipher initialisation, regardless of the caller's IV. If
    EVP_EncryptFinal_ex() is subsequently used to obtain the authentication tag, the deferred IV setup runs at
    that point and clears the running checksum that should have been accumulated over the plaintext. The
    resulting tag is a function of (key, IV) only and verifies against any ciphertext produced under the same
    (key, IV) pair. The OpenSSL SSL/TLS implementation is not affected: AES-OCB is not a TLS cipher suite, and
    libssl does not call EVP_Cipher() in any case. Applications that drive AES-OCB through the documented
    streaming AEAD API (EVP_CipherUpdate / EVP_CipherFinal_ex) are not affected. Only applications that
    combine the AES-OCB cipher with the EVP_Cipher() one-shot API are vulnerable. The FIPS modules in 4.0,
    3.6, 3.5, 3.4 and 3.0 are not affected by this issue, as AES-OCB is outside the OpenSSL FIPS module
    boundary. (CVE-2026-45445)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-45445");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2026-45445");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:U/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:U/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-45445");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/06/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/06/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:22.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:24.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:25.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:26.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:11.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:14.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:edk2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nodejs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openssl");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Debian Linux-11", "Host/OS/Debian Linux-14", "Host/OS/Ubuntu Linux-22.04", "Host/OS/Ubuntu Linux-24.04", "Host/OS/Ubuntu Linux-25.10", "Host/OS/Ubuntu Linux-26.04");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Debian Linux-11": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "11",
        "pkgs": [
          {"reference": "libcrypto1.1-udeb"},
          {"reference": "libssl-dev"},
          {"reference": "libssl-doc"},
          {"reference": "libssl1.1"},
          {"reference": "libssl1.1-udeb"},
          {"reference": "openssl"}
        ]
      }
    ]
  },
  "Debian Linux-14": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "14",
        "pkgs": [
          {"reference": "libcrypto3-udeb"},
          {"reference": "libssl-dev"},
          {"reference": "libssl-doc"},
          {"reference": "libssl3-udeb"},
          {"reference": "libssl3t64"},
          {"reference": "openssl"},
          {"reference": "openssl-provider-fips"},
          {"reference": "openssl-provider-legacy"}
        ]
      }
    ]
  },
  "Ubuntu Linux-22.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "22.04",
        "pkgs": [
          {"reference": "libcrypto3-udeb"},
          {"reference": "libssl-dev"},
          {"reference": "libssl-doc"},
          {"reference": "libssl3"},
          {"reference": "libssl3-udeb"},
          {"reference": "nodejs"},
          {"reference": "openssl"}
        ]
      }
    ]
  },
  "Ubuntu Linux-24.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "24.04",
        "pkgs": [
          {"reference": "efi-shell-aa64"},
          {"reference": "efi-shell-arm"},
          {"reference": "efi-shell-ia32"},
          {"reference": "efi-shell-riscv64"},
          {"reference": "efi-shell-x64"},
          {"reference": "libcrypto3-udeb"},
          {"reference": "libssl-dev"},
          {"reference": "libssl-doc"},
          {"reference": "libssl3-udeb"},
          {"reference": "libssl3t64"},
          {"reference": "openssl"},
          {"reference": "ovmf"},
          {"reference": "ovmf-ia32"},
          {"reference": "qemu-efi-aarch64"},
          {"reference": "qemu-efi-arm"},
          {"reference": "qemu-efi-riscv64"}
        ]
      }
    ]
  },
  "Ubuntu Linux-25.10": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "25.10",
        "pkgs": [
          {"reference": "efi-shell-aa64"},
          {"reference": "efi-shell-arm"},
          {"reference": "efi-shell-ia32"},
          {"reference": "efi-shell-loongarch64"},
          {"reference": "efi-shell-riscv64"},
          {"reference": "efi-shell-x64"},
          {"reference": "libcrypto3-udeb"},
          {"reference": "libssl-dev"},
          {"reference": "libssl-doc"},
          {"reference": "libssl3-udeb"},
          {"reference": "libssl3t64"},
          {"reference": "openssl"},
          {"reference": "openssl-provider-legacy"},
          {"reference": "ovmf"},
          {"reference": "ovmf-ia32"},
          {"reference": "ovmf-inteltdx"},
          {"reference": "qemu-efi-aarch64"},
          {"reference": "qemu-efi-arm"},
          {"reference": "qemu-efi-loongarch64"},
          {"reference": "qemu-efi-riscv64"}
        ]
      }
    ]
  },
  "Ubuntu Linux-26.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "26.04",
        "pkgs": [
          {"reference": "efi-shell-aa64"},
          {"reference": "efi-shell-loongarch64"},
          {"reference": "efi-shell-riscv64"},
          {"reference": "efi-shell-x64"},
          {"reference": "libcrypto3-udeb"},
          {"reference": "libssl-dev"},
          {"reference": "libssl-doc"},
          {"reference": "libssl3-udeb"},
          {"reference": "libssl3t64"},
          {"reference": "openssl"},
          {"reference": "openssl-provider-legacy"},
          {"reference": "ovmf"},
          {"reference": "ovmf-amdsev"},
          {"reference": "ovmf-generic"},
          {"reference": "ovmf-inteltdx"},
          {"reference": "ovmf-legacy"},
          {"reference": "qemu-efi-aarch64"},
          {"reference": "qemu-efi-loongarch64"},
          {"reference": "qemu-efi-riscv64"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}
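
The plugin above reports on package presence only, while the description states that only applications combining AES-OCB with the EVP_Cipher() one-shot API are affected. The following source-triage sketch is an added example, not part of the Tenable plugin or of OpenSSL: it flags one-shot EVP_Cipher() calls in C files that also select an AES-OCB cipher. The function name audit_source and the sample snippets are assumptions constructed for illustration.

```python
import re

# One-shot call only: matches EVP_Cipher( but not EVP_CipherInit_ex/Update/Final_ex.
ONE_SHOT = re.compile(r'\bEVP_Cipher\s*\(')
# AES-OCB selection: EVP_aes_{128,192,256}_ocb() or a fetched "AES-nnn-OCB" name.
OCB_REF = re.compile(r'\bEVP_aes_(?:128|192|256)_ocb\s*\(|"AES-(?:128|192|256)-OCB"', re.I)
# C comments (heuristic: does not understand "//" inside string literals).
COMMENT = re.compile(r'/\*.*?\*/|//[^\n]*', re.S)

def audit_source(name, src):
    """Flag one-shot EVP_Cipher() calls in a C file that also selects AES-OCB."""
    # Blank out comments but keep newlines so reported line numbers stay correct.
    code = COMMENT.sub(lambda m: '\n' * m.group(0).count('\n'), src)
    if not OCB_REF.search(code):
        return []
    return [(name, n, line.strip())
            for n, line in enumerate(code.splitlines(), 1)
            if ONE_SHOT.search(line)]

# Constructed samples (not taken from any real project).
ONE_SHOT_OCB = '''\
/* one-shot path on an OCB context:
   the pattern the advisory describes */
EVP_CipherInit_ex(ctx, EVP_aes_128_ocb(), NULL, key, iv, 1);
EVP_Cipher(ctx, out, in, inlen);
EVP_EncryptFinal_ex(ctx, out, &len);
'''
STREAMING_OCB = '''\
// streaming API; EVP_Cipher() is not called here
EVP_CipherInit_ex(ctx, EVP_aes_128_ocb(), NULL, key, iv, 1);
EVP_CipherUpdate(ctx, out, &len, in, inlen);
EVP_CipherFinal_ex(ctx, out + len, &len);
'''
ONE_SHOT_CTR = '''\
EVP_CipherInit_ex(ctx, EVP_aes_128_ctr(), NULL, key, iv, 1);
EVP_Cipher(ctx, out, in, inlen);
'''

if __name__ == "__main__":
    for name, src in [("one_shot_ocb.c", ONE_SHOT_OCB),
                      ("streaming_ocb.c", STREAMING_OCB),
                      ("one_shot_ctr.c", ONE_SHOT_CTR)]:
        for hit in audit_source(name, src):
            print("%s:%d: %s" % hit)
```

The match is per file, so a cipher selected in another translation unit or chosen by name at run time will not be caught; treat a clean result as a first pass rather than proof of non-exposure.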


Scores (10 Jun 2026 00:00, current)
Vulners AI Score: 5.8 (Medium risk)
CVSS 3.1: 7.5
EPSS: 0.0002