{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-45445/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-06-10T07:48:10.949Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-45445","@id":"https://www.cve.org/CVERecord?id=CVE-2026-45445","description":"Issue summary: When an application drives an AES-OCB context through the\npublic EVP_Cipher() one-shot interface, the application-supplied\ninitialisation vector (IV) is silently discarded.\n\nImpact summary: Every message encrypted under the same key uses the\nsame effective nonce regardless of the IV supplied by the caller,\nresulting in (key, nonce) reuse and loss of confidentiality.  If the\nsame code path is used to compute the authentication tag, the tag\ndepends only on the (key, IV) pair and not"},"products":[{"@id":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*"}}],"status":"affected","action_statement":"Update to a fixed version: 3.0.21, 3.4.6, 3.5.7, 3.6.3, 4.0.1.","timestamp":"2026-06-10T07:48:10.949Z"}]}