Linux Distros Unpatched Vulnerability : CVE-2026-45446

🗓️ 10 Jun 2026 00:00:00Reported by TenableType

Unpatched Linux hosts can forge empty messages with arbitrary AAD due to an OpenSSL decrypt flaw in AES-SIV and AES-GCM-SIV.

Reporter	Title	Published	Views	Family All 27
FreeBSD	OpenSSL -- Multiple vulnerabilities	9 Jun 202600:00	–	freebsd
FreeBSD	FreeBSD -- Multiple vulnerabilities in OpenSSL	9 Jun 202600:00	–	freebsd
AlpineLinux	CVE-2026-45446	9 Jun 202616:03	–	alpinelinux
CVE	CVE-2026-45446	9 Jun 202616:03	–	cve
Cvelist	CVE-2026-45446 Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes	9 Jun 202616:03	–	cvelist
Debian	[SECURITY] [DSA 6335-1] openssl security update	9 Jun 202621:45	–	debian
Debian CVE	CVE-2026-45446	9 Jun 202616:03	–	debiancve
Tenable Nessus	Debian dsa-6335 : libcrypto3-udeb - security update	10 Jun 202600:00	–	nessus
Tenable Nessus	OpenSSL 3.0.0 < 3.0.21 Multiple Vulnerabilities	9 Jun 202600:00	–	nessus
Tenable Nessus	OpenSSL 3.4.0 < 3.4.6 Multiple Vulnerabilities	9 Jun 202600:00	–	nessus

Source	Link
security-tracker	www.security-tracker.debian.org/tracker/CVE-2026-45446
ubuntu	www.ubuntu.com/security/CVE-2026-45446
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(320315);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/10");

  script_cve_id("CVE-2026-45446");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2026-45446");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) mishandle the
    authentication of AAD (Additional Authenticated Data) with an empty ciphertext allowing a forgery of such
    messages. Impact summary: An attacker can forge empty messages with arbitrary AAD to the victim's
    application using these ciphers. AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) are nonce-misuse-resistant
    AEAD modes: they accept a key, nonce, optional AAD (bytes that are authenticated but not encrypted), and
    plaintext, and produces ciphertext plus a 16-byte tag. On decrypt, `EVP_DecryptFinal_ex()` is documented
    to return success only if the tag is verified succesfully. In OpenSSL's provider implementation of these
    ciphers, the expected tag is computed only when decryption function is invoked with non-empty data. If the
    caller supplies AAD and then calls `EVP_DecryptFinal_ex()` without invocation of the ciphertext update,
    which can happen when the received ciphertext length is zero, the tag is never recalculated and still
    holds its all-zeros value. When AES-GCM-SIV is used, an attacker who sends arbitrary AAD, empty
    ciphertext, and all-zeros tag passes authentication under any key they do not know, single-shot. When AES-
    SIV is used, for mounting the attack it's necessary for the application to reuse the decryption context
    without resetting the key. AES-SIV is implemented since OpenSSL 3.0. AES-GCM-SIV is implemented since
    OpenSSL 3.2. No protocols implemented in OpenSSL itself (TLS/CMS/PKCS7/HPKE/QUIC) support either AES-GCM-
    SIV or AES-SIV. To mount an attack, the applications must implement their own protocol and use the EVP
    interface. Also they must skip the ciphertext update when a message with an empty ciphertext arrives. The
    FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this issue, as these algorithms are not
    FIPS approved and the affected code is outside the OpenSSL FIPS module boundary. (CVE-2026-45446)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-45446");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2026-45446");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:U/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:U/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-45446");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/06/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/06/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:22.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:24.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:25.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:26.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:11.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:14.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:edk2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nodejs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openssl");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Debian Linux-11", "Host/OS/Debian Linux-14", "Host/OS/Ubuntu Linux-22.04", "Host/OS/Ubuntu Linux-24.04", "Host/OS/Ubuntu Linux-25.10", "Host/OS/Ubuntu Linux-26.04");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Debian Linux-11": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "11",
        "pkgs": [
          {"reference": "libcrypto1.1-udeb"},
          {"reference": "libssl-dev"},
          {"reference": "libssl-doc"},
          {"reference": "libssl1.1"},
          {"reference": "libssl1.1-udeb"},
          {"reference": "openssl"}
        ]
      }
    ]
  },
  "Debian Linux-14": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "14",
        "pkgs": [
          {"reference": "libcrypto3-udeb"},
          {"reference": "libssl-dev"},
          {"reference": "libssl-doc"},
          {"reference": "libssl3-udeb"},
          {"reference": "libssl3t64"},
          {"reference": "openssl"},
          {"reference": "openssl-provider-fips"},
          {"reference": "openssl-provider-legacy"}
        ]
      }
    ]
  },
  "Ubuntu Linux-22.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "22.04",
        "pkgs": [
          {"reference": "libcrypto3-udeb"},
          {"reference": "libssl-dev"},
          {"reference": "libssl-doc"},
          {"reference": "libssl3"},
          {"reference": "libssl3-udeb"},
          {"reference": "nodejs"},
          {"reference": "openssl"}
        ]
      }
    ]
  },
  "Ubuntu Linux-24.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "24.04",
        "pkgs": [
          {"reference": "efi-shell-aa64"},
          {"reference": "efi-shell-arm"},
          {"reference": "efi-shell-ia32"},
          {"reference": "efi-shell-riscv64"},
          {"reference": "efi-shell-x64"},
          {"reference": "libcrypto3-udeb"},
          {"reference": "libssl-dev"},
          {"reference": "libssl-doc"},
          {"reference": "libssl3-udeb"},
          {"reference": "libssl3t64"},
          {"reference": "openssl"},
          {"reference": "ovmf"},
          {"reference": "ovmf-ia32"},
          {"reference": "qemu-efi-aarch64"},
          {"reference": "qemu-efi-arm"},
          {"reference": "qemu-efi-riscv64"}
        ]
      }
    ]
  },
  "Ubuntu Linux-25.10": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "25.10",
        "pkgs": [
          {"reference": "efi-shell-aa64"},
          {"reference": "efi-shell-arm"},
          {"reference": "efi-shell-ia32"},
          {"reference": "efi-shell-loongarch64"},
          {"reference": "efi-shell-riscv64"},
          {"reference": "efi-shell-x64"},
          {"reference": "libcrypto3-udeb"},
          {"reference": "libssl-dev"},
          {"reference": "libssl-doc"},
          {"reference": "libssl3-udeb"},
          {"reference": "libssl3t64"},
          {"reference": "openssl"},
          {"reference": "openssl-provider-legacy"},
          {"reference": "ovmf"},
          {"reference": "ovmf-ia32"},
          {"reference": "ovmf-inteltdx"},
          {"reference": "qemu-efi-aarch64"},
          {"reference": "qemu-efi-arm"},
          {"reference": "qemu-efi-loongarch64"},
          {"reference": "qemu-efi-riscv64"}
        ]
      }
    ]
  },
  "Ubuntu Linux-26.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "26.04",
        "pkgs": [
          {"reference": "efi-shell-aa64"},
          {"reference": "efi-shell-loongarch64"},
          {"reference": "efi-shell-riscv64"},
          {"reference": "efi-shell-x64"},
          {"reference": "libcrypto3-udeb"},
          {"reference": "libssl-dev"},
          {"reference": "libssl-doc"},
          {"reference": "libssl3-udeb"},
          {"reference": "libssl3t64"},
          {"reference": "openssl"},
          {"reference": "openssl-provider-legacy"},
          {"reference": "ovmf"},
          {"reference": "ovmf-amdsev"},
          {"reference": "ovmf-generic"},
          {"reference": "ovmf-inteltdx"},
          {"reference": "ovmf-legacy"},
          {"reference": "qemu-efi-aarch64"},
          {"reference": "qemu-efi-loongarch64"},
          {"reference": "qemu-efi-riscv64"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

10 Jun 2026 00:00Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.14.8

SSVC