Vulnerabilities
If you think you have found a security bug in OpenSSL, please report it to us.
Show issues fixed only in OpenSSL 3.6, 3.5, 3.4, 3.3, 3.2, 3.1, 3.0, 1.1.1, 1.1.0, 1.0.2, 1.0.1, 1.0.0, 0.9.8, 0.9.7, 0.9.6.
Note: All OpenSSL versions before 1.1.1 are out of support and no longer receiving updates. Extended support is available for 1.0.2 from OpenSSL Software Services for premium support customers.
Jump to year: 2026, 2025, 2024, 2023, 2022, 2021, 2020, 2019, 2018, 2017, 2016, 2015, 2014, 2013, 2012, 2011, 2010, 2009, 2008, 2007, 2006, 2005, 2004, 2003, 2002.
2026
CVE-2025-11187
Severity Moderate Published at 27 January 2026 Title Improper validation of PBMAC1 parameters in PKCS#12 MAC verification Found by Stanislav Fort (Aisle Research), Petr Šimeček (Aisle Research) and Hamza (Metadust) Fix developed by Tomáš Mráz Affected from 3.6.0 before 3.6.1
from 3.5.0 before 3.5.5
from 3.4.0 before 3.4.4 References CVE Record
... continue reading