On June 9, 2026, the OpenSSL project released patches covering 18 vulnerabilities across its supported releases. The headline flaw, CVE-2026-45447, is rated high severity and has the potential for remote code execution. Not too long ago, a security advisory with 18 vulnerabilities would have been routine. Microsoft’s Patch Tuesday provided a predictable cycle, and organizations operated with the expectation of a meaningful remediation window. That model is under pressure.