Updated 3 March (Update OS 12 fix version)
First published 17 February 2026
CVSS:3.1: 8.6 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Summary
A security vulnerability has been found in OpenSSL, a cryptography library and toolkit used in IGEL OS. This affects the following product versions:
-
IGEL OS 12
-
IGEL OS 11
Details
OpenSSL is affected by a stack buffer overflow when parsing CMS or PKCS#7 content that uses AEAD ciphers, e.g. in S/MIME messages. The issue can lead to a crash, causing denial of service, or potentially remote code execution. This vulnerability is tracked as CVE-2025-15467 and rated as high.
Update Instructions
-
OS 12: Update to the IGEL OS Base System app in version 12.8.0 or newer when available from the IGEL App Portal.
-
OS 11: Update to IGEL OS 11.11.150 or newer when available.
References
-
OpenSSL Security Advisory: https://openssl-library.org/news/secadv/20260127.txt