Security Alert (A26-02-03): Multiple Vulnerabilities in OpenSSL


 

Published on: 03 February 2026

Description:

OpenSSL has released 1.0.2zn, 1.1.1ze, 3.0.19, 3.3.6, 3.4.4, 3.5.5 and 3.6.1 to fix the vulnerabilities in various versions of OpenSSL. The details of the security update can be found at:
https://openssl-library.org/news/secadv/20260127.txt

 

Affected Systems:

  • OpenSSL 1.0.2
  • OpenSSL 1.1.1
  • OpenSSL 3.0.0 prior to version 3.0.19
  • OpenSSL 3.3.0 prior to version 3.3.6
  • OpenSSL 3.4.0 prior to version 3.4.4
  • OpenSSL 3.5.0 prior to version 3.5.5
  • OpenSSL 3.6.0 prior to version 3.6.1

Please note that OpenSSL version 3.1.x and 3.2.x have reached End-Of-Life (EOL). No security updates will be provided. Users should arrange upgrading to supported versions or migrating to other supported technology.

 

Impact:

Successful exploitation of the vulnerabilities could lead to remote code execution, denial of service, information disclosure or tampering on an affected system.

 

Recommendation:

Patches for affected software are available. System administrators of affected systems should follow the recommendations provided by the software vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://openssl-library.org/news/secadv/20260127.txt
  • https://www.hkcert.org/security-bulletin/openssl-multiple-vulnerabilities_20260203
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467 (to CVE-2025-15469)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418 (to CVE-2025-69421)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795 (to CVE-2026-22796)


Tag: OpenSSL
Tags