Cve-2026-45446 on ZX Cloud Securityhttps://zxcloudsecurity.co.uk/tags/cve-2026-45446/Recent content in Cve-2026-45446 on ZX Cloud SecurityHugoen-GBFri, 20 Jun 2025 08:42:18 +0000CVE-2026-45446: AES-GCM-SIV Empty Message Tag Flawhttps://zxcloudsecurity.co.uk/posts/cve-2026-45446-aes-gcm-siv-empty-message-tag-processing-vulnerability/Sat, 20 Jun 2026 08:42:18 +0000https://zxcloudsecurity.co.uk/posts/cve-2026-45446-aes-gcm-siv-empty-message-tag-processing-vulnerability/CVE-2026-45446 exposes a tag processing flaw in AES-GCM-SIV and AES-SIV modes for empty messages, risking authentication bypass and data forgery.🟠 High  |  Source: Microsoft Security Response Center

CVE-2026-45446 is a vulnerability affecting AES-GCM-SIV and AES-SIV encryption modes, where empty messages are processed with incorrect authentication tags. This flaw could allow an attacker to bypass integrity checks on empty ciphertexts, potentially enabling undetected data tampering or forgery in systems relying on these encryption schemes.

Security Architect’s Take: Audit any Azure services or application code that uses AES-GCM-SIV or AES-SIV encryption, particularly where empty message handling is a possibility — apply Microsoft’s recommended patches or mitigations promptly and review cryptographic library dependencies for affected versions.

Original advisory: CVE-2026-45446 Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes

]]>