CVE-2026-45445: AES-OCB IV Handling Flaw in OpenSSL EVP_Cipher()—Immediate Audit and Patch Guidance

Mo Wasay June 22, 2026 5 min read

THREAT BRIEF

In June 2026, Microsoft published CVE-2026-45445, identifying a flaw in OpenSSL’s AES-OCB encryption mode: specifically, the Initialization Vector (IV) parameter is ignored when using EVP_Cipher(). This oversight compromises the expected cryptographic security, resulting in potential plaintext exposure and data replay vulnerabilities. The flaw does not affect all cipher modes, but is specific to AES-OCB when invoked through the EVP interface.

In cryptography, the IV is essential for ensuring unique ciphertexts—even when identical plaintexts are encrypted. Ignoring the IV allows attackers to predict encryption results, mount replay attacks, or deduce plaintext under certain circumstances.

Official advisory and details: MSRC CVE-2026-45445.

WHAT CHANGED IN THIS RELEASE / ADVISORY

  • Affected Versions: OpenSSL builds shipping with Windows and Azure services, as well as any custom deployments using OpenSSL 3.x (exact version range varies—check vendor advisories for details).
  • CVE Addressed: CVE-2026-45445.
  • Behavioral Difference: Previously, the EVP_Cipher() API failed to respect the IV parameter for AES-OCB mode. Patched versions now enforce IV handling, restoring intended cryptographic guarantees.

This is a silent failure—applications may believe they are using a secure IV, but OpenSSL discards it. This can affect server-side encryption, secure messaging, and custom integrations in Windows or Azure environments.

SCOPE & IMPACT

  • Systems: Windows, Azure, and any Linux systems using OpenSSL for AES-OCB encryption via the EVP API.
  • Configurations: Applications, scripts, or services relying on AES-OCB mode through EVP_Cipher().
  • Users: Developers, sysadmins, and security teams deploying encryption in custom workflows, particularly those integrating OpenSSL directly.

Potential impacts include data exposure, replay attacks, and regulatory non-compliance for encrypted data at rest or in transit.

HOW IT WORKS

The EVP API is OpenSSL’s high-level interface for encryption. AES-OCB is an authenticated encryption mode requiring a unique IV for each operation. The flaw causes the IV parameter to be ignored during encryption or decryption, leading to deterministic outputs and vulnerability to replay or plaintext recovery attacks.

Example scenario: an application encrypts user data with AES-OCB, believing each session uses a unique IV. Due to the bug, the IV is not applied, producing identical ciphertexts for identical plaintexts—making the data vulnerable to cryptanalysis.

Any system using EVP_Cipher() with AES-OCB is potentially exposed, regardless of the IV generation strategy.

DETECTION

Audit OpenSSL versions and search for AES-OCB usage in your codebase. The following PowerShell and Bash snippets help enumerate OpenSSL installations and check for vulnerable versions:

Windows/Azure (PowerShell)

# Report the OpenSSL build on PATH and whether it exposes an OCB cipher.
# Reporting only: nothing on the system is changed.
$opensslPath = $null
try {
  # -ErrorAction Stop turns a missing command into a terminating error the catch block sees.
  $opensslPath = Get-Command openssl -ErrorAction Stop | Select-Object -ExpandProperty Source
  $version = & $opensslPath version
  Write-Output "OpenSSL binary: $opensslPath"
  Write-Output "OpenSSL version: $version"
} catch {
  Write-Warning "OpenSSL not found in PATH."
}
# Check for AES-OCB presence. 'list -cipher-algorithms' enumerates provider
# ciphers such as AES-128-OCB; 'list -cipher-commands' only shows ciphers
# usable by 'openssl enc', which excludes AEAD modes like OCB.
if ($opensslPath) {
  try {
    $cipherList = & $opensslPath list -cipher-algorithms
    if ($cipherList -match "ocb") {
      Write-Output "AES-OCB mode available. Audit application usage."
    } else {
      Write-Output "AES-OCB mode not present."
    }
  } catch {
    Write-Warning "Unable to list cipher algorithms."
  }
}

Linux (Bash)

#!/bin/sh
# Reporting only: prints the OpenSSL build on PATH and whether it exposes OCB.
if command -v openssl > /dev/null 2>&1; then
  OPENSSL_BIN=$(command -v openssl)
  VERSION=$("$OPENSSL_BIN" version)
  echo "OpenSSL binary: $OPENSSL_BIN"
  echo "OpenSSL version: $VERSION"
  # 'list -cipher-algorithms' enumerates provider ciphers such as AES-128-OCB;
  # 'list -cipher-commands' only shows ciphers usable by 'openssl enc', which
  # excludes AEAD modes like OCB.
  CIPHER_LIST=$("$OPENSSL_BIN" list -cipher-algorithms 2>/dev/null | grep -i ocb)
  if [ -n "$CIPHER_LIST" ]; then
    echo "AES-OCB mode available. Audit application usage."
  else
    echo "AES-OCB mode not present."
  fi
else
  echo "OpenSSL not found in PATH."
fi

For deeper audits, search codebases for EVP_Cipher() and ocb references.

REMEDIATION

  • Patch OpenSSL: Upgrade to the vendor-provided patched version. Check Microsoft, Azure, and your distribution for updated OpenSSL packages addressing CVE-2026-45445.
  • Audit Application Logic: Review code using AES-OCB mode via EVP; ensure IV is properly handled post-patch.
  • Compensating Control: If patching is delayed, switch to a different authenticated encryption mode (e.g., AES-GCM) known to handle IVs correctly.
  • Regenerate Keys/IVs: For encrypted data at rest, consider re-encrypting with fresh keys and IVs after patching, especially for sensitive assets.
  • Reporting Mode: All scripts and audits above default to reporting only—no changes are made.

Note: Changing encryption modes or re-encrypting data may be irreversible and require migration planning.

MITIGATION PRIORITY

Urgency: Immediate. This flaw undermines fundamental encryption guarantees. Any application using AES-OCB via OpenSSL’s EVP_Cipher() path must be audited and patched without delay. Exposure may be silent and widespread, especially in custom integrations.

WHAT’S COMING

  • Scheduled Patches: Microsoft and major Linux distributions have signaled rapid rollout of patched OpenSSL binaries. Azure services will update underlying OpenSSL libraries as part of their next maintenance window.
  • Vendor Roadmap: OpenSSL maintainers are reviewing all authenticated modes for similar issues. Expect increased scrutiny and stricter IV handling in upcoming releases.
  • Mitigation Preparation: Prepare for forced key/IV rotation and consider automated re-encryption workflows. Monitor vendor advisories for further updates.

TREND CHECK

This class of cryptographic implementation bug—IV mishandling or silent parameter drop—is becoming less common as libraries mature and receive more formal verification. However, the continued discovery of such flaws shows that even widely-used cryptographic APIs are not immune. Recent similar incidents (e.g., GCM nonce reuse, ChaCha20-Poly1305 misconfiguration) underscore the need for rigorous API auditing.

Microsoft and OpenSSL maintainers are improving their security posture: rapid disclosure, clear advisories, and coordinated patching indicate a positive trend. Practitioners should expect tighter controls and more explicit parameter validation in future cryptographic releases.

Bottom line: Audit and patch now, and track vendor advisories closely. IV handling is a foundational security property—when in doubt, prefer well-tested modes and APIs.