CVE Catalog

CVE-2026-7511

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

7th percentile — higher than 7% of all known CVEs

Summary

The vulnerability in PKCS7_verify allows signer confusion, enabling forged signatures to be accepted. The lack of proper binding between a signature and its signer bypasses verification mechanisms.

Risk Assessment

The organization may accept documents or data signed by an unauthorized party, compromising integrity and authenticity, potentially leading to social engineering or impersonation attacks.

Recommendation

Immediately update the cryptographic library to a version that fixes the signer binding verification. Until updated, suspend trust in PKCS#7 signatures from untrusted sources.

Original NVD description (English source)

PKCS7_verify signer confusion allows forged signatures, where the signer associated with a signature is not correctly bound, permitting a forged signature to be accepted.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS