Skip to main content

OpenSSL CVE-2026-28386

| EUVDEUVD-2026-19958 HIGH
Out-of-bounds Read (CWE-125)
2026-04-07 openssl GHSA-q457-vx59-3fqg
High
Disputed · 7.5 NVD
Share

Severity by source

Sources disagree (Low–Critical)
NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
SUSE
9.1 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Red Hat
4.7 LOW
qualitative

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

7
Severity Changed
Apr 24, 2026 - 18:37 NVD
CRITICAL HIGH
CVSS changed
Apr 24, 2026 - 18:37 NVD
9.1 (CRITICAL) 7.5 (HIGH)
Re-analysis Queued
Apr 23, 2026 - 16:12 vuln.today
cvss_changed
EUVD ID Assigned
Apr 07, 2026 - 22:16 euvd
EUVD-2026-19958
Analysis Generated
Apr 07, 2026 - 22:16 vuln.today
Patch released
Apr 07, 2026 - 22:16 nvd
Patch available
CVE Published
Apr 07, 2026 - 22:00 nvd
CRITICAL 9.1

DescriptionCVE.org

Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigger an out-of-bounds read of up to 15 bytes when processing partial cipher blocks.

Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application if the input buffer ends at a memory page boundary and the following page is unmapped. There is no information disclosure as the over-read bytes are not written to output.

The vulnerable code path is only reached when processing partial blocks (when a previous call left an incomplete block and the current call provides fewer bytes than needed to complete it). Additionally, the input buffer must be positioned at a page boundary with the following page unmapped. CFB mode is not used in TLS/DTLS protocols, which use CBC, GCM, CCM, or ChaCha20-Poly1305 instead. For these reasons the issue was assessed as Low severity according to our Security Policy.

Only x86-64 systems with AVX-512 and VAES instruction support are affected. Other architectures and systems without VAES support use different code paths that are not affected.

OpenSSL FIPS module in 3.6 version is affected by this issue.

AnalysisAI

Out-of-bounds read in OpenSSL 3.6.0-3.6.1 allows denial of service when AES-CFB128 encryption or decryption processes partial cipher blocks on x86-64 systems with AVX-512 and VAES support. Vulnerability triggers when input buffer ends at a memory page boundary with subsequent unmapped page, causing crashes. Exploitation requires unauthenticated network access but demands specific architectural conditions (AVX-512/VAES) and partial block handling. No public exploit identified at time of analysis. EPSS percentile 5% indicates low observed exploitation activity.

Technical ContextAI

CWE-125 out-of-bounds read in AES-CFB128 implementation affects x86-64 AVX-512/VAES code path exclusively. Vulnerable logic reached only when prior call left incomplete block and current input insufficient to complete it. Buffer alignment at page boundary with unmapped successor page required for crash condition. Over-read limited to 15 bytes, not written to output.

RemediationAI

Vendor-released patch: OpenSSL 3.6.2. Upgrade immediately from affected 3.6.0-3.6.1 versions to 3.6.2 or later. Upstream fix available in commit 61f428a2fc6671ede184a19f71e6e495f0689621. Organizations unable to patch should consider disabling AES-CFB128 cipher suite if operationally feasible, though CFB mode is not used in TLS/DTLS protocols. Verify system architecture (AVX-512/VAES presence) to confirm exposure scope. Consult official security advisory: https://openssl-library.org/news/secadv/20260407.txt. GitHub patch reference: https://github.com/openssl/openssl/commit/61f428a2fc6671ede184a19f71e6e495f0689621.

CVE-2014-0160 HIGH POC
7.5 Apr 07

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packe

CVE-2014-0195 MEDIUM POC
6.8 Jun 05

The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0

CVE-2014-0224 HIGH POC
7.4 Jun 05

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph

CVE-2016-0800 MEDIUM POC
5.9 Mar 01

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to se

CVE-2015-0204 MEDIUM POC
4.3 Jan 09

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k

CVE-2014-3566 LOW POC
3.4 Oct 15

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which mak

CVE-2016-2107 MEDIUM POC
5.9 May 05

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a

CVE-2015-1793 MEDIUM POC
6.5 Jul 09

The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly

CVE-2022-3602 HIGH
7.5 Nov 01

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Rated hig

CVE-2014-3470 MEDIUM
4.3 Jun 05

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before

CVE-2017-3730 HIGH POC
7.5 May 04

In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this

CVE-2016-8610 HIGH
7.5 Nov 13

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL proto

Vendor StatusVendor

SUSE

Severity: Critical
Product Status
SLES15-SP5-CHOST-BYOS-SAP-CCloud Fixed
SLES15-SP5-CHOST-BYOS-SAP-CCloud Fixed
SLES15-SP6-CHOST-BYOS Fixed
SLES15-SP6-CHOST-BYOS Fixed
SLES15-SP6-CHOST-BYOS-Aliyun Fixed

Share

CVE-2026-28386 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy