CVE-2026-5500: Improper Validation of AES-GCM Authentication Tag Length in PKCS#7 Envelope Allows Authentication Bypass

Overview

Severity

N/A

Exploit Status

Not Exploited

Patch Tuesday

2026-Apr

Released

2026-04-15

EPSS Score

0.13% (percentile: 32.8%)

Affected Products (2)

Other

• 21143-17086

Open Source Software

• azl3 mariadb 10.11.16-1 on Azure Linux 3.0

Revision History

• 2026-04-15: Information published.