Security Alert (A26-02-03): Multiple Vulnerabilities in OpenSSL Published on: 03 February 2026 Description: OpenSSL has released 1.0.2zn, 1.1.1ze, 3.0.19, 3.3.6, 3.4.4, 3.5.5 and 3.6.1 to fix the vulnerabilities in various versions of OpenSSL. The details of the security update can be found at: https://openssl-library.org/news/secadv/20260127.txt Affected Systems: OpenSSL 1.0.2 OpenSSL 1.1.1 OpenSSL 3.0.0 prior to version 3.0.19 OpenSSL 3.3.0 prior to version 3.3.6 OpenSSL 3.4.0 prior to version 3.4.4 OpenSSL 3.5.0 prior to version 3.5.5 OpenSSL 3.6.0 prior to version 3.6.1 Please note that OpenSSL version 3.1.x and 3.2.x have reached End-Of-Life (EOL). No security updates will be provided. Users should arrange upgrading to supported versions or migrating to other supported technology. Impact: Successful exploitation of the vulnerabilities could lead to remote code execution, denial of service, information disclosure or tampering on an affected system. Recommendation: Patches for affected software are available. System administrators of affected systems should follow the recommendations provided by the software vendor and take immediate actions to mitigate the risk. More Information: https://openssl-library.org/news/secadv/20260127.txt https://www.hkcert.org/security-bulletin/openssl-multiple-vulnerabilities_20260203 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467 (to CVE-2025-15469) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418 (to CVE-2025-69421) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795 (to CVE-2026-22796) Tag: OpenSSL