Skip to main content
Skip table of contents

ISN 2026-03: OpenSSL Vulnerability

First published 17 February 2026

CVSS:3.1: 8.6 (High)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Summary

A security vulnerability has been found in OpenSSL, a cryptography library and toolkit used in IGEL OS. This affects the following product versions:

  • IGEL OS 12

  • IGEL OS 11

Details

OpenSSL is affected by a stack buffer overflow when parsing CMS or PKCS#7 content that uses AEAD ciphers, e.g. in S/MIME messages. The issue can lead to a crash, causing denial of service, or potentially remote code execution. This vulnerability is tracked as CVE-2025-15467 and rated as high.

Update Instructions

  • OS 12: Update to the IGEL OS Base System app in version 12.8.1 or newer when available from the IGEL App Portal.

  • OS 11: Update to IGEL OS 11.11.150 or newer when available.

References

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close