CVE-2026-28387

🗓️ 07 Apr 2026 22:00:51Reported by opensslType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 59 Views

CVE-2026-28387: Potential use-after-free in DANE TLSA client with mixed PKIX and DANE TLSA records.

Reporter	Title	Published	Views	Family All 148
Tenable Nessus	Amazon Linux 2023 : openssl, openssl-devel, openssl-fips-provider-latest (ALAS2023-2026-1586)	13 Apr 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : openssl11, --advisory ALAS2-2026-3249 (ALAS-2026-3249)	14 Apr 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : edk2, --advisory ALAS2-2026-3275 (ALAS-2026-3275)	30 Apr 202600:00	–	nessus
Tenable Nessus	Debian dsa-6201 : libcrypto3-udeb - security update	21 Apr 202600:00	–	nessus
Tenable Nessus	FreeBSD : OpenSSL -- Multiple vulnerabilities (c7a52cee-32ab-11f1-9839-8447094a420f)	8 Apr 202600:00	–	nessus
Tenable Nessus	OpenSSL 1.1.1 < 1.1.1zg Multiple Vulnerabilities	7 Apr 202600:00	–	nessus
Tenable Nessus	OpenSSL 3.0.0 < 3.0.20 Multiple Vulnerabilities	7 Apr 202600:00	–	nessus
Tenable Nessus	OpenSSL 3.3.0 < 3.3.7 Multiple Vulnerabilities	7 Apr 202600:00	–	nessus
Tenable Nessus	OpenSSL 3.4.0 < 3.4.5 Multiple Vulnerabilities	7 Apr 202600:00	–	nessus
Tenable Nessus	OpenSSL 3.5.0 < 3.5.6 Multiple Vulnerabilities	16 Mar 202600:00	–	nessus

NVD

Vulners

Node

openssl opensslRange1.1.1–1.1.1zg

openssl opensslRange3.0.0–3.0.20

openssl opensslRange3.3.0–3.3.7

openssl opensslRange3.4.0–3.4.5

openssl opensslRange3.5.0–3.5.6

openssl opensslRange3.6.0–3.6.2

[
  {
    "defaultStatus": "unaffected",
    "product": "OpenSSL",
    "vendor": "OpenSSL",
    "versions": [
      {
        "lessThan": "3.6.2",
        "status": "affected",
        "version": "3.6.0",
        "versionType": "semver"
      },
      {
        "lessThan": "3.5.6",
        "status": "affected",
        "version": "3.5.0",
        "versionType": "semver"
      },
      {
        "lessThan": "3.4.5",
        "status": "affected",
        "version": "3.4.0",
        "versionType": "semver"
      },
      {
        "lessThan": "3.3.7",
        "status": "affected",
        "version": "3.3.0",
        "versionType": "semver"
      },
      {
        "lessThan": "3.0.20",
        "status": "affected",
        "version": "3.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "1.1.1zg",
        "status": "affected",
        "version": "1.1.1",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
github	www.github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b
github	www.github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe
github	www.github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3
github	www.github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177
openssl-library	www.openssl-library.org/news/secadv/20260407.txt
github	www.github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7
cert-portal	www.cert-portal.siemens.com/productcert/html/ssa-265688.html
cert-portal	www.cert-portal.siemens.com/productcert/html/ssa-032379.html

12 May 2026 13:17Current

6.3Medium risk

Vulners AI Score6.3

CVSS 3.18.1

EPSS0.00044

SSVC

CWE-416