CVE-2026-7511
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk7th percentile — higher than 7% of all known CVEs
Summary
The vulnerability in PKCS7_verify allows signer confusion, enabling forged signatures to be accepted. The lack of proper binding between a signature and its signer bypasses verification mechanisms.
Risk Assessment
The organization may accept documents or data signed by an unauthorized party, compromising integrity and authenticity, potentially leading to social engineering or impersonation attacks.
Recommendation
Immediately update the cryptographic library to a version that fixes the signer binding verification. Until updated, suspend trust in PKCS#7 signatures from untrusted sources.
Original NVD description (English source)
PKCS7_verify signer confusion allows forged signatures, where the signer associated with a signature is not correctly bound, permitting a forged signature to be accepted.

