Vulnerability-Lookup

CVE-2026-28387 (GCVE-0-2026-28387)

Vulnerability from cvelistv5 – Published: 2026-04-07 22:00 – Updated: 2026-05-12 12:08

Title

Potential Use-after-free in DANE Client Code

Summary

Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, the issue only affects clients that make use of TLSA records with both the PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate usage. By far the most common deployment of DANE is in SMTP MTAs for which RFC7672 recommends that clients treat as 'unusable' any TLSA records that have the PKIX certificate usages. These SMTP (or other similar) clients are not vulnerable to this issue. Conversely, any clients that support only the PKIX usages, and ignore the DANE-TA(2) usage are also not vulnerable. The client would also need to be communicating with a server that publishes a TLSA RRset with both types of TLSA records. No FIPS modules are affected by this issue, the problem code is outside the FIPS module boundary.

Severity

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-416 - Use After Free

Assigner

openssl

References

8 references

URL	Tags
https://openssl-library.org/news/secadv/20260407.txt	vendor-advisory
https://github.com/openssl/openssl/commit/258a8f6…	patch
https://github.com/openssl/openssl/commit/444958d…	patch
https://github.com/openssl/openssl/commit/07e727d…	patch
https://github.com/openssl/openssl/commit/7a4e08c…	patch
https://github.com/openssl/openssl/commit/ec03fa0…	patch
https://cert-portal.siemens.com/productcert/html/…
https://cert-portal.siemens.com/productcert/html/…

Impacted products

3 products

Vendor	Product	Version
OpenSSL	OpenSSL	Affected: 3.6.0 , < 3.6.2 (semver) Affected: 3.5.0 , < 3.5.6 (semver) Affected: 3.4.0 , < 3.4.5 (semver) Affected: 3.3.0 , < 3.3.7 (semver) Affected: 3.0.0 , < 3.0.20 (semver) Affected: 1.1.1 , < 1.1.1zg (custom)
Siemens	SIMATIC CN 4100	Affected: 0 , < V5.0 (custom)
Siemens	SIMATIC S7-1500 TM MFP - GNU/Linux subsystem	Affected: 0 , < * (custom)

Date Public

2026-04-07 14:00

Credits

Igor Morgenstern (Aisle Research) Viktor Dukhovni Alexandr Nedvedicky

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-28387",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-09T03:56:07.962224Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-10T20:10:20.584Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC CN 4100",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T12:08:58.724Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.6.2",
              "status": "affected",
              "version": "3.6.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.5.6",
              "status": "affected",
              "version": "3.5.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.4.5",
              "status": "affected",
              "version": "3.4.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.3.7",
              "status": "affected",
              "version": "3.3.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.0.20",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.1.1zg",
              "status": "affected",
              "version": "1.1.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Igor Morgenstern (Aisle Research)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Viktor Dukhovni"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Alexandr Nedvedicky"
        }
      ],
      "datePublic": "2026-04-07T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\u003cbr\u003eserver authentication, when paired with uncommon server DANE TLSA records, may\u003cbr\u003eresult in a use-after-free and/or double-free on the client side.\u003cbr\u003e\u003cbr\u003eImpact summary: A use after free can have a range of potential consequences\u003cbr\u003esuch as the corruption of valid data, crashes or execution of arbitrary code.\u003cbr\u003e\u003cbr\u003eHowever, the issue only affects clients that make use of TLSA records with both\u003cbr\u003ethe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\u003cbr\u003eusage.\u003cbr\u003e\u003cbr\u003eBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\u003cbr\u003erecommends that clients treat as \u0027unusable\u0027 any TLSA records that have the PKIX\u003cbr\u003ecertificate usages.  These SMTP (or other similar) clients are not vulnerable\u003cbr\u003eto this issue.  Conversely, any clients that support only the PKIX usages, and\u003cbr\u003eignore the DANE-TA(2) usage are also not vulnerable.\u003cbr\u003e\u003cbr\u003eThe client would also need to be communicating with a server that publishes a\u003cbr\u003eTLSA RRset with both types of TLSA records.\u003cbr\u003e\u003cbr\u003eNo FIPS modules are affected by this issue, the problem code is outside the\u003cbr\u003eFIPS module boundary."
            }
          ],
          "value": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as \u0027unusable\u0027 any TLSA records that have the PKIX\ncertificate usages.  These SMTP (or other similar) clients are not vulnerable\nto this issue.  Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary."
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "Low"
            },
            "type": "https://openssl-library.org/policies/general/security-policy/"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-07T22:00:51.496Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://openssl-library.org/news/secadv/20260407.txt"
        },
        {
          "name": "3.6.2 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe"
        },
        {
          "name": "3.5.6 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3"
        },
        {
          "name": "3.4.5 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b"
        },
        {
          "name": "3.3.7 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7"
        },
        {
          "name": "3.0.20 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Potential Use-after-free in DANE Client Code",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2026-28387",
    "datePublished": "2026-04-07T22:00:51.496Z",
    "dateReserved": "2026-02-27T13:45:02.161Z",
    "dateUpdated": "2026-05-12T12:08:58.724Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-28387",
      "date": "2026-06-15",
      "epss": "0.00631",
      "percentile": "0.45286"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-28387\",\"sourceIdentifier\":\"openssl-security@openssl.org\",\"published\":\"2026-04-07T22:16:20.700\",\"lastModified\":\"2026-05-12T13:17:33.270\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Issue summary: An uncommon configuration of clients performing DANE TLSA-based\\nserver authentication, when paired with uncommon server DANE TLSA records, may\\nresult in a use-after-free and/or double-free on the client side.\\n\\nImpact summary: A use after free can have a range of potential consequences\\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\\n\\nHowever, the issue only affects clients that make use of TLSA records with both\\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\\nusage.\\n\\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\\nrecommends that clients treat as \u0027unusable\u0027 any TLSA records that have the PKIX\\ncertificate usages.  These SMTP (or other similar) clients are not vulnerable\\nto this issue.  Conversely, any clients that support only the PKIX usages, and\\nignore the DANE-TA(2) usage are also not vulnerable.\\n\\nThe client would also need to be communicating with a server that publishes a\\nTLSA RRset with both types of TLSA records.\\n\\nNo FIPS modules are affected by this issue, the problem code is outside the\\nFIPS module boundary.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"openssl-security@openssl.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.1.1\",\"versionEndExcluding\":\"1.1.1zg\",\"matchCriteriaId\":\"656A0540-5825-498E-A7AB-C14976FEE45D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndExcluding\":\"3.0.20\",\"matchCriteriaId\":\"B28A8143-89A4-4332-A1F8-A65FB5AA829F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.3.0\",\"versionEndExcluding\":\"3.3.7\",\"matchCriteriaId\":\"CF303B21-D9BF-461D-B7B0-A3FE1D557A9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.4.0\",\"versionEndExcluding\":\"3.4.5\",\"matchCriteriaId\":\"DCCE43D0-8F17-475D-9EE6-842F758A9905\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.5.0\",\"versionEndExcluding\":\"3.5.6\",\"matchCriteriaId\":\"F6BC0271-444D-4597-BF05-DC60034EAA49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.6.0\",\"versionEndExcluding\":\"3.6.2\",\"matchCriteriaId\":\"4A9E621D-29D8-418A-BF37-BED333C14507\"}]}]}],\"references\":[{\"url\":\"https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://openssl-library.org/news/secadv/20260407.txt\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-032379.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-265688.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-28387\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-09T03:56:07.962224Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-13T13:00:32.514Z\"}}], \"cna\": {\"title\": \"Potential Use-after-free in DANE Client Code\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Igor Morgenstern (Aisle Research)\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"Viktor Dukhovni\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"Alexandr Nedvedicky\"}], \"metrics\": [{\"other\": {\"type\": \"https://openssl-library.org/policies/general/security-policy/\", \"content\": {\"text\": \"Low\"}}, \"format\": \"other\"}], \"affected\": [{\"vendor\": \"OpenSSL\", \"product\": \"OpenSSL\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.6.0\", \"lessThan\": \"3.6.2\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.5.0\", \"lessThan\": \"3.5.6\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.4.0\", \"lessThan\": \"3.4.5\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.3.0\", \"lessThan\": \"3.3.7\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.0.0\", \"lessThan\": \"3.0.20\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.1.1\", \"lessThan\": \"1.1.1zg\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2026-04-07T14:00:00.000Z\", \"references\": [{\"url\": \"https://openssl-library.org/news/secadv/20260407.txt\", \"name\": \"OpenSSL Advisory\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe\", \"name\": \"3.6.2 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3\", \"name\": \"3.5.6 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b\", \"name\": \"3.4.5 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7\", \"name\": \"3.3.7 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177\", \"name\": \"3.0.20 git commit\", \"tags\": [\"patch\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Issue summary: An uncommon configuration of clients performing DANE TLSA-based\\nserver authentication, when paired with uncommon server DANE TLSA records, may\\nresult in a use-after-free and/or double-free on the client side.\\n\\nImpact summary: A use after free can have a range of potential consequences\\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\\n\\nHowever, the issue only affects clients that make use of TLSA records with both\\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\\nusage.\\n\\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\\nrecommends that clients treat as \u0027unusable\u0027 any TLSA records that have the PKIX\\ncertificate usages.  These SMTP (or other similar) clients are not vulnerable\\nto this issue.  Conversely, any clients that support only the PKIX usages, and\\nignore the DANE-TA(2) usage are also not vulnerable.\\n\\nThe client would also need to be communicating with a server that publishes a\\nTLSA RRset with both types of TLSA records.\\n\\nNo FIPS modules are affected by this issue, the problem code is outside the\\nFIPS module boundary.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Issue summary: An uncommon configuration of clients performing DANE TLSA-based\u003cbr\u003eserver authentication, when paired with uncommon server DANE TLSA records, may\u003cbr\u003eresult in a use-after-free and/or double-free on the client side.\u003cbr\u003e\u003cbr\u003eImpact summary: A use after free can have a range of potential consequences\u003cbr\u003esuch as the corruption of valid data, crashes or execution of arbitrary code.\u003cbr\u003e\u003cbr\u003eHowever, the issue only affects clients that make use of TLSA records with both\u003cbr\u003ethe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\u003cbr\u003eusage.\u003cbr\u003e\u003cbr\u003eBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\u003cbr\u003erecommends that clients treat as \u0027unusable\u0027 any TLSA records that have the PKIX\u003cbr\u003ecertificate usages.  These SMTP (or other similar) clients are not vulnerable\u003cbr\u003eto this issue.  Conversely, any clients that support only the PKIX usages, and\u003cbr\u003eignore the DANE-TA(2) usage are also not vulnerable.\u003cbr\u003e\u003cbr\u003eThe client would also need to be communicating with a server that publishes a\u003cbr\u003eTLSA RRset with both types of TLSA records.\u003cbr\u003e\u003cbr\u003eNo FIPS modules are affected by this issue, the problem code is outside the\u003cbr\u003eFIPS module boundary.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416 Use After Free\"}]}], \"providerMetadata\": {\"orgId\": \"3a12439a-ef3a-4c79-92e6-6081a721f1e5\", \"shortName\": \"openssl\", \"dateUpdated\": \"2026-04-07T22:00:51.496Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-28387\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-10T20:10:20.584Z\", \"dateReserved\": \"2026-02-27T13:45:02.161Z\", \"assignerOrgId\": \"3a12439a-ef3a-4c79-92e6-6081a721f1e5\", \"datePublished\": \"2026-04-07T22:00:51.496Z\", \"assignerShortName\": \"openssl\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

WID-SEC-W-2026-0995

Vulnerability from csaf_certbund - Published: 2026-04-07 22:00 - Updated: 2026-06-02 22:00

Summary

OpenSSL: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: OpenSSL ist eine im Quelltext frei verfügbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.

Angriff: Ein Angreifer kann mehrere Schwachstellen in OpenSSL ausnutzen, um einen Denial of Service Angriff durchzuführen, vertrauliche Informationen offenzulegen oder andere, nicht näher spezifizierte Angriffe durchzuführen.

Betroffene Betriebssysteme: - Sonstiges - UNIX - Windows

CVE-2026-28386

Affected products

Known affected 24 products

Product	Identifier	Version
Red Hat Enterprise Linux Update Infrastructure 5.1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:update_infrastructure_5.1`	Update Infrastructure 5.1
Open Source OpenSSL <3.3.7 Open Source / OpenSSL		<3.3.7
Open Source OpenSSL <3.0.20 Open Source / OpenSSL		<3.0.20
NetApp AFF Baseboard Management Controller NetApp / AFF	`cpe:/h:netapp:aff:::baseboard_management_controller`	Baseboard Management Controller
Open Source OpenSSL <3.5.6 Open Source / OpenSSL		<3.5.6
Open Source OpenSSL <3.4.5 Open Source / OpenSSL		<3.4.5
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
IBM AIX 7.2 IBM / AIX	`cpe:/o:ibm:aix:7.2`	7.2
Open Source OpenSSL <3.6.2 Open Source / OpenSSL		<3.6.2
IBM VIOS 4.1 IBM / VIOS	`cpe:/a:ibm:vios:4.1`	4.1
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Open Source OpenSSL <1.1.1zg Open Source / OpenSSL		<1.1.1zg
Open Source OpenSSL <1.0.2zp Open Source / OpenSSL		<1.0.2zp
IBM AIX 7.3 IBM / AIX	`cpe:/o:ibm:aix:7.3`	7.3
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
NetApp FAS Baseboard Management Controller NetApp / FAS	`cpe:/h:netapp:fas:baseboard_management_controller`	Baseboard Management Controller
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
NCP Secure Enterprise VPN Server <14.10 r32489 NCP / Secure Enterprise VPN Server		<14.10 r32489
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Microsoft Azure Linux azl3 Microsoft / Azure Linux	`cpe:/o:microsoft:azure_linux:azl3`	azl3
Google Container-Optimized OS Google	`cpe:/o:google:container-optimized_os:-`	—

CVE-2026-28387

Affected products

Known affected 24 products

Product	Identifier	Version
Red Hat Enterprise Linux Update Infrastructure 5.1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:update_infrastructure_5.1`	Update Infrastructure 5.1
Open Source OpenSSL <3.3.7 Open Source / OpenSSL		<3.3.7
Open Source OpenSSL <3.0.20 Open Source / OpenSSL		<3.0.20
NetApp AFF Baseboard Management Controller NetApp / AFF	`cpe:/h:netapp:aff:::baseboard_management_controller`	Baseboard Management Controller
Open Source OpenSSL <3.5.6 Open Source / OpenSSL		<3.5.6
Open Source OpenSSL <3.4.5 Open Source / OpenSSL		<3.4.5
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
IBM AIX 7.2 IBM / AIX	`cpe:/o:ibm:aix:7.2`	7.2
Open Source OpenSSL <3.6.2 Open Source / OpenSSL		<3.6.2
IBM VIOS 4.1 IBM / VIOS	`cpe:/a:ibm:vios:4.1`	4.1
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Open Source OpenSSL <1.1.1zg Open Source / OpenSSL		<1.1.1zg
Open Source OpenSSL <1.0.2zp Open Source / OpenSSL		<1.0.2zp
IBM AIX 7.3 IBM / AIX	`cpe:/o:ibm:aix:7.3`	7.3
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
NetApp FAS Baseboard Management Controller NetApp / FAS	`cpe:/h:netapp:fas:baseboard_management_controller`	Baseboard Management Controller
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
NCP Secure Enterprise VPN Server <14.10 r32489 NCP / Secure Enterprise VPN Server		<14.10 r32489
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Microsoft Azure Linux azl3 Microsoft / Azure Linux	`cpe:/o:microsoft:azure_linux:azl3`	azl3
Google Container-Optimized OS Google	`cpe:/o:google:container-optimized_os:-`	—

CVE-2026-28388

Affected products

Known affected 24 products

Product	Identifier	Version
Red Hat Enterprise Linux Update Infrastructure 5.1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:update_infrastructure_5.1`	Update Infrastructure 5.1
Open Source OpenSSL <3.3.7 Open Source / OpenSSL		<3.3.7
Open Source OpenSSL <3.0.20 Open Source / OpenSSL		<3.0.20
NetApp AFF Baseboard Management Controller NetApp / AFF	`cpe:/h:netapp:aff:::baseboard_management_controller`	Baseboard Management Controller
Open Source OpenSSL <3.5.6 Open Source / OpenSSL		<3.5.6
Open Source OpenSSL <3.4.5 Open Source / OpenSSL		<3.4.5
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
IBM AIX 7.2 IBM / AIX	`cpe:/o:ibm:aix:7.2`	7.2
Open Source OpenSSL <3.6.2 Open Source / OpenSSL		<3.6.2
IBM VIOS 4.1 IBM / VIOS	`cpe:/a:ibm:vios:4.1`	4.1
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Open Source OpenSSL <1.1.1zg Open Source / OpenSSL		<1.1.1zg
Open Source OpenSSL <1.0.2zp Open Source / OpenSSL		<1.0.2zp
IBM AIX 7.3 IBM / AIX	`cpe:/o:ibm:aix:7.3`	7.3
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
NetApp FAS Baseboard Management Controller NetApp / FAS	`cpe:/h:netapp:fas:baseboard_management_controller`	Baseboard Management Controller
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
NCP Secure Enterprise VPN Server <14.10 r32489 NCP / Secure Enterprise VPN Server		<14.10 r32489
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Microsoft Azure Linux azl3 Microsoft / Azure Linux	`cpe:/o:microsoft:azure_linux:azl3`	azl3
Google Container-Optimized OS Google	`cpe:/o:google:container-optimized_os:-`	—

CVE-2026-28389

Affected products

Known affected 24 products

Product	Identifier	Version
Red Hat Enterprise Linux Update Infrastructure 5.1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:update_infrastructure_5.1`	Update Infrastructure 5.1
Open Source OpenSSL <3.3.7 Open Source / OpenSSL		<3.3.7
Open Source OpenSSL <3.0.20 Open Source / OpenSSL		<3.0.20
NetApp AFF Baseboard Management Controller NetApp / AFF	`cpe:/h:netapp:aff:::baseboard_management_controller`	Baseboard Management Controller
Open Source OpenSSL <3.5.6 Open Source / OpenSSL		<3.5.6
Open Source OpenSSL <3.4.5 Open Source / OpenSSL		<3.4.5
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
IBM AIX 7.2 IBM / AIX	`cpe:/o:ibm:aix:7.2`	7.2
Open Source OpenSSL <3.6.2 Open Source / OpenSSL		<3.6.2
IBM VIOS 4.1 IBM / VIOS	`cpe:/a:ibm:vios:4.1`	4.1
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Open Source OpenSSL <1.1.1zg Open Source / OpenSSL		<1.1.1zg
Open Source OpenSSL <1.0.2zp Open Source / OpenSSL		<1.0.2zp
IBM AIX 7.3 IBM / AIX	`cpe:/o:ibm:aix:7.3`	7.3
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
NetApp FAS Baseboard Management Controller NetApp / FAS	`cpe:/h:netapp:fas:baseboard_management_controller`	Baseboard Management Controller
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
NCP Secure Enterprise VPN Server <14.10 r32489 NCP / Secure Enterprise VPN Server		<14.10 r32489
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Microsoft Azure Linux azl3 Microsoft / Azure Linux	`cpe:/o:microsoft:azure_linux:azl3`	azl3
Google Container-Optimized OS Google	`cpe:/o:google:container-optimized_os:-`	—

CVE-2026-28390

Affected products

Known affected 24 products

Product	Identifier	Version
Red Hat Enterprise Linux Update Infrastructure 5.1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:update_infrastructure_5.1`	Update Infrastructure 5.1
Open Source OpenSSL <3.3.7 Open Source / OpenSSL		<3.3.7
Open Source OpenSSL <3.0.20 Open Source / OpenSSL		<3.0.20
NetApp AFF Baseboard Management Controller NetApp / AFF	`cpe:/h:netapp:aff:::baseboard_management_controller`	Baseboard Management Controller
Open Source OpenSSL <3.5.6 Open Source / OpenSSL		<3.5.6
Open Source OpenSSL <3.4.5 Open Source / OpenSSL		<3.4.5
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
IBM AIX 7.2 IBM / AIX	`cpe:/o:ibm:aix:7.2`	7.2
Open Source OpenSSL <3.6.2 Open Source / OpenSSL		<3.6.2
IBM VIOS 4.1 IBM / VIOS	`cpe:/a:ibm:vios:4.1`	4.1
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Open Source OpenSSL <1.1.1zg Open Source / OpenSSL		<1.1.1zg
Open Source OpenSSL <1.0.2zp Open Source / OpenSSL		<1.0.2zp
IBM AIX 7.3 IBM / AIX	`cpe:/o:ibm:aix:7.3`	7.3
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
NetApp FAS Baseboard Management Controller NetApp / FAS	`cpe:/h:netapp:fas:baseboard_management_controller`	Baseboard Management Controller
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
NCP Secure Enterprise VPN Server <14.10 r32489 NCP / Secure Enterprise VPN Server		<14.10 r32489
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Microsoft Azure Linux azl3 Microsoft / Azure Linux	`cpe:/o:microsoft:azure_linux:azl3`	azl3
Google Container-Optimized OS Google	`cpe:/o:google:container-optimized_os:-`	—

CVE-2026-31789

Affected products

Known affected 24 products

Product	Identifier	Version
Red Hat Enterprise Linux Update Infrastructure 5.1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:update_infrastructure_5.1`	Update Infrastructure 5.1
Open Source OpenSSL <3.3.7 Open Source / OpenSSL		<3.3.7
Open Source OpenSSL <3.0.20 Open Source / OpenSSL		<3.0.20
NetApp AFF Baseboard Management Controller NetApp / AFF	`cpe:/h:netapp:aff:::baseboard_management_controller`	Baseboard Management Controller
Open Source OpenSSL <3.5.6 Open Source / OpenSSL		<3.5.6
Open Source OpenSSL <3.4.5 Open Source / OpenSSL		<3.4.5
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
IBM AIX 7.2 IBM / AIX	`cpe:/o:ibm:aix:7.2`	7.2
Open Source OpenSSL <3.6.2 Open Source / OpenSSL		<3.6.2
IBM VIOS 4.1 IBM / VIOS	`cpe:/a:ibm:vios:4.1`	4.1
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Open Source OpenSSL <1.1.1zg Open Source / OpenSSL		<1.1.1zg
Open Source OpenSSL <1.0.2zp Open Source / OpenSSL		<1.0.2zp
IBM AIX 7.3 IBM / AIX	`cpe:/o:ibm:aix:7.3`	7.3
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
NetApp FAS Baseboard Management Controller NetApp / FAS	`cpe:/h:netapp:fas:baseboard_management_controller`	Baseboard Management Controller
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
NCP Secure Enterprise VPN Server <14.10 r32489 NCP / Secure Enterprise VPN Server		<14.10 r32489
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Microsoft Azure Linux azl3 Microsoft / Azure Linux	`cpe:/o:microsoft:azure_linux:azl3`	azl3
Google Container-Optimized OS Google	`cpe:/o:google:container-optimized_os:-`	—

CVE-2026-31790

Affected products

Known affected 24 products

Product	Identifier	Version
Red Hat Enterprise Linux Update Infrastructure 5.1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:update_infrastructure_5.1`	Update Infrastructure 5.1
Open Source OpenSSL <3.3.7 Open Source / OpenSSL		<3.3.7
Open Source OpenSSL <3.0.20 Open Source / OpenSSL		<3.0.20
NetApp AFF Baseboard Management Controller NetApp / AFF	`cpe:/h:netapp:aff:::baseboard_management_controller`	Baseboard Management Controller
Open Source OpenSSL <3.5.6 Open Source / OpenSSL		<3.5.6
Open Source OpenSSL <3.4.5 Open Source / OpenSSL		<3.4.5
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
IBM AIX 7.2 IBM / AIX	`cpe:/o:ibm:aix:7.2`	7.2
Open Source OpenSSL <3.6.2 Open Source / OpenSSL		<3.6.2
IBM VIOS 4.1 IBM / VIOS	`cpe:/a:ibm:vios:4.1`	4.1
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Open Source OpenSSL <1.1.1zg Open Source / OpenSSL		<1.1.1zg
Open Source OpenSSL <1.0.2zp Open Source / OpenSSL		<1.0.2zp
IBM AIX 7.3 IBM / AIX	`cpe:/o:ibm:aix:7.3`	7.3
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
NetApp FAS Baseboard Management Controller NetApp / FAS	`cpe:/h:netapp:fas:baseboard_management_controller`	Baseboard Management Controller
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
NCP Secure Enterprise VPN Server <14.10 r32489 NCP / Secure Enterprise VPN Server		<14.10 r32489
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Microsoft Azure Linux azl3 Microsoft / Azure Linux	`cpe:/o:microsoft:azure_linux:azl3`	azl3
Google Container-Optimized OS Google	`cpe:/o:google:container-optimized_os:-`	—

References

55 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://openssl-library.org/news/secadv/20260407.txt	external
https://openssl-library.org/news/vulnerabilities/	external
https://lists.debian.org/debian-security-announce…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://ubuntu.com/security/notices/USN-8155-1	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://ubuntu.com/security/notices/USN-8155-2	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://alas.aws.amazon.com/AL2/ALAS2-2026-3249.html	external
https://msrc.microsoft.com/update-guide/	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://security.netapp.com/advisory/NTAP-20260417-0017	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://alas.aws.amazon.com/AL2/ALAS2OPENSSL-SNAP…	external
https://alas.aws.amazon.com/AL2/ALAS2-2026-3274.html	external
https://alas.aws.amazon.com/AL2/ALAS2-2026-3275.html	external
https://access.redhat.com/errata/RHSA-2026:12195	external
https://www.ibm.com/support/pages/node/7271681	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://access.redhat.com/errata/RHSA-2026:14937	external
https://access.redhat.com/errata/RHSA-2026:19066	external
https://access.redhat.com/errata/RHSA-2026:19218	external
https://docs.cloud.google.com/container-optimized…	external
https://access.redhat.com/errata/RHSA-2026:21275	external
https://access.redhat.com/errata/RHSA-2026:22314	external
https://access.redhat.com/errata/RHSA-2026:22313	external
https://access.redhat.com/errata/RHSA-2026:22315	external
https://access.redhat.com/errata/RHSA-2026:22312	external
https://www.ncp-e.com/fileadmin/_NCP/pdf/library/…	external
https://www.ncp-e.com/fileadmin/_NCP/pdf/library/…	external
https://www.ncp-e.com/fileadmin/_NCP/pdf/library/…	external
https://errata.build.resf.org/RLSA-2026:22312	external
https://access.redhat.com/errata/RHSA-2026:22634	external
https://linux.oracle.com/errata/ELSA-2026-22315.html	external
https://errata.build.resf.org/RLSA-2026:22313	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "OpenSSL ist eine im Quelltext frei verf\u00fcgbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in OpenSSL ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, vertrauliche Informationen offenzulegen oder andere, nicht n\u00e4her spezifizierte Angriffe durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0995 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0995.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0995 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0995"
      },
      {
        "category": "external",
        "summary": "OpenSSL Security Advisory vom 2026-04-07",
        "url": "https://openssl-library.org/news/secadv/20260407.txt"
      },
      {
        "category": "external",
        "summary": "OpenSSL Vulnerabilities vom 2026-04-07",
        "url": "https://openssl-library.org/news/vulnerabilities/"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-6201 vom 2026-04-08",
        "url": "https://lists.debian.org/debian-security-announce/2026/msg00111.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1214-1 vom 2026-04-08",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025167.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1216-1 vom 2026-04-08",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025165.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-8155-1 vom 2026-04-08",
        "url": "https://ubuntu.com/security/notices/USN-8155-1"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1213-1 vom 2026-04-08",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025168.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1215-1 vom 2026-04-08",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025166.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-8155-2 vom 2026-04-09",
        "url": "https://ubuntu.com/security/notices/USN-8155-2"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1256-1 vom 2026-04-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025199.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1255-1 vom 2026-04-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025200.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1257-1 vom 2026-04-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025198.html"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10533-1 vom 2026-04-12",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/Q3L6UO5MQYWT5OTNC6A64RQTAMSGR6D3/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:21037-1 vom 2026-04-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025303.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1290-1 vom 2026-04-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025312.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1291-1 vom 2026-04-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025311.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:21065-1 vom 2026-04-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025275.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2026-3249 vom 2026-04-14",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2-2026-3249.html"
      },
      {
        "category": "external",
        "summary": "Microsoft Security Update Guide vom 2026-04-14",
        "url": "https://msrc.microsoft.com/update-guide/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:21107-1 vom 2026-04-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025373.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1375-1 vom 2026-04-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025384.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1386-1 vom 2026-04-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025395.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1429-1 vom 2026-04-17",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025435.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:21186-1 vom 2026-04-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025505.html"
      },
      {
        "category": "external",
        "summary": "NetApp Security Advisory NTAP-20260417-0017 vom 2026-04-21",
        "url": "https://security.netapp.com/advisory/NTAP-20260417-0017"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1549-1 vom 2026-04-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025567.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1550-1 vom 2026-04-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025566.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1577-1 vom 2026-04-23",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025597.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1562-1 vom 2026-04-23",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025576.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:21244-1 vom 2026-04-23",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025592.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1605-1 vom 2026-04-24",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025615.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2OPENSSL-SNAPSAFE-2026-010 vom 2026-04-30",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2OPENSSL-SNAPSAFE-2026-010.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2026-3274 vom 2026-04-30",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2-2026-3274.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2026-3275 vom 2026-04-30",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2-2026-3275.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:12195 vom 2026-04-30",
        "url": "https://access.redhat.com/errata/RHSA-2026:12195"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7271681 vom 2026-05-04",
        "url": "https://www.ibm.com/support/pages/node/7271681"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1711-1 vom 2026-05-06",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025892.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:14937 vom 2026-05-08",
        "url": "https://access.redhat.com/errata/RHSA-2026:14937"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:19066 vom 2026-05-19",
        "url": "https://access.redhat.com/errata/RHSA-2026:19066"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:19218 vom 2026-05-20",
        "url": "https://access.redhat.com/errata/RHSA-2026:19218"
      },
      {
        "category": "external",
        "summary": "Container-Optimized OS release notes vom 2026-05-26",
        "url": "https://docs.cloud.google.com/container-optimized-os/docs/release-notes#May_21_2026"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:21275 vom 2026-05-27",
        "url": "https://access.redhat.com/errata/RHSA-2026:21275"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:22314 vom 2026-06-01",
        "url": "https://access.redhat.com/errata/RHSA-2026:22314"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:22313 vom 2026-06-01",
        "url": "https://access.redhat.com/errata/RHSA-2026:22313"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:22315 vom 2026-06-01",
        "url": "https://access.redhat.com/errata/RHSA-2026:22315"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:22312 vom 2026-06-01",
        "url": "https://access.redhat.com/errata/RHSA-2026:22312"
      },
      {
        "category": "external",
        "summary": "NCP Secure Enterprise VPN Server Release Notes vom 2026-06-02",
        "url": "https://www.ncp-e.com/fileadmin/_NCP/pdf/library/release_notes/NCP_Secure_Enterprise_Solution/NCP_Secure_Enterprise_VPN_Server_Linux/de/NCP_RN_Linux_Secure_Enterprise_VPN_Server_14_10_r32489_de.pdf"
      },
      {
        "category": "external",
        "summary": "NCP Secure Enterprise VPN Server Release Notes  vom 2026-06-02",
        "url": "https://www.ncp-e.com/fileadmin/_NCP/pdf/library/release_notes/NCP_Secure_Enterprise_Solution/NCP_Secure_Enterprise_VPN_Server_Win/de/NCP_RN_Win_Secure_Enterprise_VPN_Server_14_10_r32489_de.pdf"
      },
      {
        "category": "external",
        "summary": "NCP Secure Enterprise VPN Server Release Notes  vom 2026-06-02",
        "url": "https://www.ncp-e.com/fileadmin/_NCP/pdf/library/release_notes/NCP_Secure_Enterprise_Solution/NCP_Virtual_Secure_Enterprise_VPN_Server/de/NCP_RN_Virtual_Secure_Enterprise_VPN_Server_14_10_r32489_de.pdf"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:22312 vom 2026-06-02",
        "url": "https://errata.build.resf.org/RLSA-2026:22312"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:22634 vom 2026-06-02",
        "url": "https://access.redhat.com/errata/RHSA-2026:22634"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-22315 vom 2026-06-03",
        "url": "https://linux.oracle.com/errata/ELSA-2026-22315.html"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:22313 vom 2026-06-02",
        "url": "https://errata.build.resf.org/RLSA-2026:22313"
      }
    ],
    "source_lang": "en-US",
    "title": "OpenSSL: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-06-02T22:00:00.000+00:00",
      "generator": {
        "date": "2026-06-03T06:33:27.102+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2026-0995",
      "initial_release_date": "2026-04-07T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-04-07T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-04-08T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von SUSE und Ubuntu aufgenommen"
        },
        {
          "date": "2026-04-09T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2026-04-12T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE und openSUSE aufgenommen"
        },
        {
          "date": "2026-04-13T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE und Amazon aufgenommen"
        },
        {
          "date": "2026-04-14T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates aufgenommen"
        },
        {
          "date": "2026-04-15T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-04-16T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-04-19T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-04-21T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von SUSE und NetApp aufgenommen"
        },
        {
          "date": "2026-04-22T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-04-23T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-04-26T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-04-29T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2026-05-03T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-05-04T22:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2026-05-06T22:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-05-07T22:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-05-19T22:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-05-26T22:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates aufgenommen"
        },
        {
          "date": "2026-05-27T22:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-06-01T22:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-06-02T22:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von Rocky Enterprise Software Foundation, Red Hat und Oracle Linux aufgenommen"
        }
      ],
      "status": "final",
      "version": "23"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Google Container-Optimized OS",
            "product": {
              "name": "Google Container-Optimized OS",
              "product_id": "1607324",
              "product_identification_helper": {
                "cpe": "cpe:/o:google:container-optimized_os:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Google"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "7.3",
                "product": {
                  "name": "IBM AIX 7.3",
                  "product_id": "1139691",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:ibm:aix:7.3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.2",
                "product": {
                  "name": "IBM AIX 7.2",
                  "product_id": "434967",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:ibm:aix:7.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "AIX"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "4.1",
                "product": {
                  "name": "IBM VIOS 4.1",
                  "product_id": "1522854",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:vios:4.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "VIOS"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "azl3",
                "product": {
                  "name": "Microsoft Azure Linux azl3",
                  "product_id": "T049210",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:azure_linux:azl3"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c14.10 r32489",
                "product": {
                  "name": "NCP Secure Enterprise VPN Server \u003c14.10 r32489",
                  "product_id": "T054958"
                }
              },
              {
                "category": "product_version",
                "name": "14.10 r32489",
                "product": {
                  "name": "NCP Secure Enterprise VPN Server 14.10 r32489",
                  "product_id": "T054958-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ncp-e:secure_enterprise_vpn_server:14.10_r32489"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Secure Enterprise VPN Server"
          }
        ],
        "category": "vendor",
        "name": "NCP"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Baseboard Management Controller",
                "product": {
                  "name": "NetApp AFF Baseboard Management Controller",
                  "product_id": "T025086",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:netapp:aff:::baseboard_management_controller"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "AFF"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Baseboard Management Controller",
                "product": {
                  "name": "NetApp FAS Baseboard Management Controller",
                  "product_id": "T043535",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:netapp:fas:baseboard_management_controller"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FAS"
          }
        ],
        "category": "vendor",
        "name": "NetApp"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c3.6.2",
                "product": {
                  "name": "Open Source OpenSSL \u003c3.6.2",
                  "product_id": "T052469"
                }
              },
              {
                "category": "product_version",
                "name": "3.6.2",
                "product": {
                  "name": "Open Source OpenSSL 3.6.2",
                  "product_id": "T052469-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:openssl:openssl:3.6.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c3.5.6",
                "product": {
                  "name": "Open Source OpenSSL \u003c3.5.6",
                  "product_id": "T052470"
                }
              },
              {
                "category": "product_version",
                "name": "3.5.6",
                "product": {
                  "name": "Open Source OpenSSL 3.5.6",
                  "product_id": "T052470-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:openssl:openssl:3.5.6"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c3.4.5",
                "product": {
                  "name": "Open Source OpenSSL \u003c3.4.5",
                  "product_id": "T052471"
                }
              },
              {
                "category": "product_version",
                "name": "3.4.5",
                "product": {
                  "name": "Open Source OpenSSL 3.4.5",
                  "product_id": "T052471-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:openssl:openssl:3.4.5"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c3.3.7",
                "product": {
                  "name": "Open Source OpenSSL \u003c3.3.7",
                  "product_id": "T052472"
                }
              },
              {
                "category": "product_version",
                "name": "3.3.7",
                "product": {
                  "name": "Open Source OpenSSL 3.3.7",
                  "product_id": "T052472-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:openssl:openssl:3.3.7"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c3.0.20",
                "product": {
                  "name": "Open Source OpenSSL \u003c3.0.20",
                  "product_id": "T052473"
                }
              },
              {
                "category": "product_version",
                "name": "3.0.20",
                "product": {
                  "name": "Open Source OpenSSL 3.0.20",
                  "product_id": "T052473-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:openssl:openssl:3.0.20"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.1.1zg",
                "product": {
                  "name": "Open Source OpenSSL \u003c1.1.1zg",
                  "product_id": "T052474"
                }
              },
              {
                "category": "product_version",
                "name": "1.1.1zg",
                "product": {
                  "name": "Open Source OpenSSL 1.1.1zg",
                  "product_id": "T052474-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:openssl:openssl:1.1.1zg"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.0.2zp",
                "product": {
                  "name": "Open Source OpenSSL \u003c1.0.2zp",
                  "product_id": "T052475"
                }
              },
              {
                "category": "product_version",
                "name": "1.0.2zp",
                "product": {
                  "name": "Open Source OpenSSL 1.0.2zp",
                  "product_id": "T052475-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:openssl:openssl:1.0.2zp"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "OpenSSL"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "RESF Rocky Linux",
            "product": {
              "name": "RESF Rocky Linux",
              "product_id": "T032255",
              "product_identification_helper": {
                "cpe": "cpe:/o:resf:rocky_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "RESF"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux",
                "product": {
                  "name": "Red Hat Enterprise Linux",
                  "product_id": "67646",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:-"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Update Infrastructure 5.1",
                "product": {
                  "name": "Red Hat Enterprise Linux Update Infrastructure 5.1",
                  "product_id": "T054761",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:update_infrastructure_5.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-28386",
      "product_status": {
        "known_affected": [
          "T054761",
          "T052472",
          "T052473",
          "T025086",
          "T052470",
          "T052471",
          "67646",
          "434967",
          "T052469",
          "1522854",
          "T004914",
          "T032255",
          "T052474",
          "T052475",
          "1139691",
          "2951",
          "T002207",
          "T043535",
          "T000126",
          "T054958",
          "T027843",
          "398363",
          "T049210",
          "1607324"
        ]
      },
      "release_date": "2026-04-07T22:00:00.000+00:00",
      "title": "CVE-2026-28386"
    },
    {
      "cve": "CVE-2026-28387",
      "product_status": {
        "known_affected": [
          "T054761",
          "T052472",
          "T052473",
          "T025086",
          "T052470",
          "T052471",
          "67646",
          "434967",
          "T052469",
          "1522854",
          "T004914",
          "T032255",
          "T052474",
          "T052475",
          "1139691",
          "2951",
          "T002207",
          "T043535",
          "T000126",
          "T054958",
          "T027843",
          "398363",
          "T049210",
          "1607324"
        ]
      },
      "release_date": "2026-04-07T22:00:00.000+00:00",
      "title": "CVE-2026-28387"
    },
    {
      "cve": "CVE-2026-28388",
      "product_status": {
        "known_affected": [
          "T054761",
          "T052472",
          "T052473",
          "T025086",
          "T052470",
          "T052471",
          "67646",
          "434967",
          "T052469",
          "1522854",
          "T004914",
          "T032255",
          "T052474",
          "T052475",
          "1139691",
          "2951",
          "T002207",
          "T043535",
          "T000126",
          "T054958",
          "T027843",
          "398363",
          "T049210",
          "1607324"
        ]
      },
      "release_date": "2026-04-07T22:00:00.000+00:00",
      "title": "CVE-2026-28388"
    },
    {
      "cve": "CVE-2026-28389",
      "product_status": {
        "known_affected": [
          "T054761",
          "T052472",
          "T052473",
          "T025086",
          "T052470",
          "T052471",
          "67646",
          "434967",
          "T052469",
          "1522854",
          "T004914",
          "T032255",
          "T052474",
          "T052475",
          "1139691",
          "2951",
          "T002207",
          "T043535",
          "T000126",
          "T054958",
          "T027843",
          "398363",
          "T049210",
          "1607324"
        ]
      },
      "release_date": "2026-04-07T22:00:00.000+00:00",
      "title": "CVE-2026-28389"
    },
    {
      "cve": "CVE-2026-28390",
      "product_status": {
        "known_affected": [
          "T054761",
          "T052472",
          "T052473",
          "T025086",
          "T052470",
          "T052471",
          "67646",
          "434967",
          "T052469",
          "1522854",
          "T004914",
          "T032255",
          "T052474",
          "T052475",
          "1139691",
          "2951",
          "T002207",
          "T043535",
          "T000126",
          "T054958",
          "T027843",
          "398363",
          "T049210",
          "1607324"
        ]
      },
      "release_date": "2026-04-07T22:00:00.000+00:00",
      "title": "CVE-2026-28390"
    },
    {
      "cve": "CVE-2026-31789",
      "product_status": {
        "known_affected": [
          "T054761",
          "T052472",
          "T052473",
          "T025086",
          "T052470",
          "T052471",
          "67646",
          "434967",
          "T052469",
          "1522854",
          "T004914",
          "T032255",
          "T052474",
          "T052475",
          "1139691",
          "2951",
          "T002207",
          "T043535",
          "T000126",
          "T054958",
          "T027843",
          "398363",
          "T049210",
          "1607324"
        ]
      },
      "release_date": "2026-04-07T22:00:00.000+00:00",
      "title": "CVE-2026-31789"
    },
    {
      "cve": "CVE-2026-31790",
      "product_status": {
        "known_affected": [
          "T054761",
          "T052472",
          "T052473",
          "T025086",
          "T052470",
          "T052471",
          "67646",
          "434967",
          "T052469",
          "1522854",
          "T004914",
          "T032255",
          "T052474",
          "T052475",
          "1139691",
          "2951",
          "T002207",
          "T043535",
          "T000126",
          "T054958",
          "T027843",
          "398363",
          "T049210",
          "1607324"
        ]
      },
      "release_date": "2026-04-07T22:00:00.000+00:00",
      "title": "CVE-2026-31790"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-28387 (GCVE-0-2026-28387)

WID-SEC-W-2026-0995

Tags

Sightings

Nomenclature