OpenSSL January 2026 Security Update: CMS and PKCS#12 Buffer Overflows
ID: 3d33daf1-a5f1-5af7-b8bb-bb21f8a9c44f
STIX ID: report--3d33daf1-a5f1-5af7-b8bb-bb21f8a9c44f
Feed Name: Datadog Security Labs
OpenSSL disclosed multiple vulnerabilities (including high-severity CVE-2025-15467 and moderate-severity CVE-2025-11187) affecting the 1.0.2, 1.1.1, and 3.x releases. Crafted CMS or PKCS#12 inputs can cause crashes and, in one case, potential remote code execution. The advisory lists impacted versions, reproduction examples, and affected attack surfaces (e.g., S/MIME gateways, certificate import services). It recommends upgrading runtimes that bundle OpenSSL, while noting that exploitability is constrained by platform mitigations.
