CVE-2026-45445: AES-OCB IV Flaw in OpenSSL on Azure
🟠High | Source: Microsoft Security Response Center CVE-2026-45445 is a cryptographic vulnerability in OpenSSL’s AES-OCB mode where the Initialisation Vector (IV) is silently ignored when encryption or decryption is performed via the EVP_Cipher() API path. This means data intended to be protected with a unique IV may be encrypted with a predictable or reused nonce, undermining the confidentiality and integrity guarantees of AES-OCB. Any Azure service or workload relying on OpenSSL’s EVP_Cipher() with AES-OCB mode is potentially at risk of ciphertext forgery or plaintext recovery. ...