AISLE — AI Discovers 12 OpenSSL Zero-Days Including a 27-Year-Old Bug
AI Relevance: OpenSSL is the TLS backbone of every LLM API endpoint, model registry, and vector database connection—these vulnerabilities directly affect AI infrastructure transport security. Additionally, the discovery demonstrates AI-powered vulnerability research surpassing decades of human review.
- On January 27, 2026, OpenSSL released a coordinated patch for 12 previously unknown vulnerabilities, all discovered by an AI system built by a company called AISLE.
- CVE-2026-22796 (type confusion in PKCS#7 signature verification) dates back to 1998—inherited from the original SSLeay codebase that predates OpenSSL itself. It survived 27 years of audits.
- CVE-2025-15467 (HIGH severity): A stack buffer overflow in CMS AuthEnvelopedData parsing. An attacker can craft an oversized initialization vector that overflows a fixed-size stack buffer—before any cryptographic verification occurs. No valid key material required.
- CVE-2025-11187: Stack overflow in PKCS#12 (certificate/key bundle) processing via missing validation on password-based MAC parameters.
- CVE-2025-15468: Denial-of-service in QUIC protocol handling via unknown cipher suite triggering a crash.
- Three additional bugs also date to 1998–2000. Four quarter-century-old vulnerabilities in the most scrutinized crypto library on Earth.
- AISLE began analyzing OpenSSL in August 2025 and reported all findings through responsible disclosure. All 12 CVEs were confirmed and patched across seven release branches.
- OpenSSL is used by ~95% of IT organizations and encrypts roughly two-thirds of all internet traffic.
Why it matters
- Every LLM API call, every model download from Hugging Face, every vector DB query over TLS traverses OpenSSL (or a derivative). These bugs are in your AI stack's transport layer.
- The HIGH-severity CMS overflow (CVE-2025-15467) is triggered before any cryptographic verification—any system parsing encrypted payloads (S/MIME processors, document verification) is exposed.
- The discovery proves that AI vulnerability research can find bugs that 27 years of expert human review missed—a capability that attackers will also develop.
What to do
- Patch immediately: Update OpenSSL across all systems. Check all seven affected release branches.
- Prioritize CMS exposure: If you process S/MIME, CMS-signed documents, or encrypted payloads, the HIGH-severity CVE-2025-15467 is your urgent priority.
- Audit AI infra TLS: Confirm that model serving endpoints (vLLM, Triton, TGI), registries, and vector databases are running patched OpenSSL versions.
- Monitor for exploitation: Stack overflow primitives attract exploit developers quickly—watch for PoC publications.
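One way to carry out the TLS audit step above is to inventory the OpenSSL build behind each serving host and compare it, per release branch, against the fixed version from the advisory. The script below is an added example written for this brief; it is not AISLE's code or the OpenSSL project's. It reads the version linked into the Python runtime and the system `openssl` binary, parses the version string into a comparable tuple (the trailing letter of 1.x releases counts as a fourth component), and reports each source as patched, vulnerable or unknown. The per-branch minimums are an assumption the caller supplies from the OpenSSL advisory; the brief does not list them, so the table in `main` is left empty and every branch reports "unknown" until it is filled in.

```python
"""Inventory OpenSSL versions on a host and compare them against per-branch
fixed versions taken from the OpenSSL advisory.

Added example, not AISLE's or the OpenSSL project's code.  The minimum
versions are supplied by the caller; nothing in this file is a real fixed
version for the January 2026 advisory.
"""
import re
import ssl
import subprocess
import sys
from typing import Dict, Iterable, Optional, Tuple

# (major, minor, patch, letter) where letter is 0 for none, 1 for 'a', ...
Version = Tuple[int, int, int, int]

# Matches "OpenSSL 3.0.13 30 Jan 2024" and "OpenSSL 1.1.1w  11 Sep 2023".
# Strings from derivatives (e.g. "LibreSSL 3.3.6") deliberately do not match,
# because their numbering does not map onto OpenSSL's release branches.
_VERSION_RE = re.compile(r"\bOpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]?)")


def parse_version(text: str) -> Optional[Version]:
    """Return a comparable version tuple from an OpenSSL version string, or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.group(1, 2, 3))
    letter = m.group(4)
    suffix = ord(letter) - ord("a") + 1 if letter else 0
    return (major, minor, patch, suffix)


def branch_of(version: Version) -> str:
    """Release branch key: '3.x' for OpenSSL 3 and later, '1.1.1' style for 1.x."""
    major, minor, patch, _ = version
    return f"{major}.{minor}" if major >= 3 else f"{major}.{minor}.{patch}"


def is_patched(version: Version, minimums: Dict[str, Version]) -> Optional[bool]:
    """True/False against the branch minimum; None if the branch is not in the table."""
    minimum = minimums.get(branch_of(version))
    if minimum is None:
        return None
    return version >= minimum


def audit(minimums: Dict[str, Version],
          sources: Iterable[Tuple[str, Optional[str]]]) -> Dict[str, str]:
    """Classify each (label, version string) pair as patched / vulnerable / unknown."""
    results: Dict[str, str] = {}
    for label, text in sources:
        version = parse_version(text or "")
        status = None if version is None else is_patched(version, minimums)
        if status is None:
            results[label] = "unknown"
        else:
            results[label] = "patched" if status else "vulnerable"
    return results


def python_openssl_version() -> str:
    """Version string of the OpenSSL the running interpreter is linked against."""
    return ssl.OPENSSL_VERSION


def system_openssl_version(binary: str = "openssl") -> Optional[str]:
    """Output of `openssl version`, or None if the binary is missing or hangs."""
    try:
        proc = subprocess.run([binary, "version"], capture_output=True,
                              text=True, timeout=10, check=False)
    except (OSError, subprocess.TimeoutExpired):
        return None
    return proc.stdout.strip() or None


def main() -> int:
    # PLACEHOLDER: fill in the fixed version for each affected branch from the
    # OpenSSL advisory, e.g. {"3.0": (3, 0, N, 0), "1.1.1": (1, 1, 1, L)}.
    # Left empty here on purpose; every branch reports "unknown" until filled.
    minimums: Dict[str, Version] = {}
    sources = [
        ("python-ssl-module", python_openssl_version()),
        ("system-openssl-binary", system_openssl_version()),
    ]
    results = audit(minimums, sources)
    for (label, text), status in zip(sources, results.values()):
        print(f"{label:24} {status:10} {text or '(not found)'}")
    # Non-zero exit lets a fleet-wide job fail loudly on unpatched hosts.
    return 1 if "vulnerable" in results.values() else 0


if __name__ == "__main__":
    sys.exit(main())
```

Run it on each model-serving host, registry and vector-database node; the Python check matters separately from the system binary because a runtime shipped in a container or a wheel can bundle its own OpenSSL that `openssl version` never sees.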