The latest OpenSSL patch addresses 18 vulnerabilities, highlighted by a high-severity flaw (CVE-2026-45447) that could enable remote code execution via a heap use-after-free bug in PKCS#7 verification. Discovered collaboratively by a researcher and Anthropic's Claude AI, this vulnerability can lead to heap corruption and application crashes. The moderate-severity flaws can allow decryption of communications, forgery of arbitrary ciphertext, and DoS attacks.
Alex Gaynor of Anthropic notably reported several vulnerabilities, signaling effective use of AI in identifying security flaws. The high-severity vulnerability is the second of 2026, with only one similar issue addressed last year.