CVE-2026-45446: AES-GCM-SIV Empty Message Tag Flaw

🟠 High | Source: Microsoft Security Response Center

CVE-2026-45446 is a vulnerability affecting AES-GCM-SIV and AES-SIV encryption modes, where empty messages are processed with incorrect authentication tags. This flaw could allow an attacker to bypass integrity checks on empty ciphertexts, potentially enabling undetected data tampering or forgery in systems relying on these encryption schemes.

Security Architect’s Take: Audit any Azure services or application code that uses AES-GCM-SIV or AES-SIV encryption, particularly where empty message handling is a possibility — apply Microsoft’s recommended patches or mitigations promptly and review cryptographic library dependencies for affected versions. ...

20 June 2025 · ZX Cloud Security
