Linux Distros Unpatched Vulnerability : CVE-2026-28387

🗓️ 07 Apr 2026 00:00:00Reported by TenableType

Unpatched Linux systems may face use after free with DANE TLSA records combining PKIX and DANE usages.

Reporter	Title	Published	Views	Family All 142
Tenable Nessus	Amazon Linux 2023 : openssl, openssl-devel, openssl-fips-provider-latest (ALAS2023-2026-1586)	13 Apr 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : openssl11, --advisory ALAS2-2026-3249 (ALAS-2026-3249)	14 Apr 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : edk2, --advisory ALAS2-2026-3275 (ALAS-2026-3275)	30 Apr 202600:00	–	nessus
Tenable Nessus	Debian dsa-6201 : libcrypto3-udeb - security update	21 Apr 202600:00	–	nessus
Tenable Nessus	FreeBSD : OpenSSL -- Multiple vulnerabilities (c7a52cee-32ab-11f1-9839-8447094a420f)	8 Apr 202600:00	–	nessus
Tenable Nessus	OpenSSL 1.1.1 < 1.1.1zg Multiple Vulnerabilities	7 Apr 202600:00	–	nessus
Tenable Nessus	OpenSSL 3.0.0 < 3.0.20 Multiple Vulnerabilities	7 Apr 202600:00	–	nessus
Tenable Nessus	OpenSSL 3.3.0 < 3.3.7 Multiple Vulnerabilities	7 Apr 202600:00	–	nessus
Tenable Nessus	OpenSSL 3.4.0 < 3.4.5 Multiple Vulnerabilities	7 Apr 202600:00	–	nessus
Tenable Nessus	OpenSSL 3.5.0 < 3.5.6 Multiple Vulnerabilities	16 Mar 202600:00	–	nessus

Source	Link
security-tracker	www.security-tracker.debian.org/tracker/CVE-2026-28387
ubuntu	www.ubuntu.com/security/CVE-2026-28387
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(305226);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/05/22");

  script_cve_id("CVE-2026-28387");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2026-28387");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when
    paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the
    client side. Impact summary: A use after free can have a range of potential consequences such as the
    corruption of valid data, crashes or execution of arbitrary code. However, the issue only affects clients
    that make use of TLSA records with both the PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2)
    certificate usage. By far the most common deployment of DANE is in SMTP MTAs for which RFC7672 recommends
    that clients treat as 'unusable' any TLSA records that have the PKIX certificate usages. These SMTP (or
    other similar) clients are not vulnerable to this issue. Conversely, any clients that support only the
    PKIX usages, and ignore the DANE-TA(2) usage are also not vulnerable. The client would also need to be
    communicating with a server that publishes a TLSA RRset with both types of TLSA records. No FIPS modules
    are affected by this issue, the problem code is outside the FIPS module boundary. (CVE-2026-28387)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-28387");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2026-28387");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:U/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:U/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-28387");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/04/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/04/07");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:22.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:24.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:25.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:11.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:edk2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nodejs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openssl");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Debian Linux-11", "Host/OS/Ubuntu Linux-16.04", "Host/OS/Ubuntu Linux-18.04", "Host/OS/Ubuntu Linux-20.04", "Host/OS/Ubuntu Linux-22.04", "Host/OS/Ubuntu Linux-24.04", "Host/OS/Ubuntu Linux-25.10");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Debian Linux-11": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "11",
        "pkgs": [
          {"reference": "libcrypto1.1-udeb"},
          {"reference": "libssl-dev"},
          {"reference": "libssl-doc"},
          {"reference": "libssl1.1"},
          {"reference": "libssl1.1-udeb"},
          {"reference": "openssl"}
        ]
      }
    ]
  },
  "Ubuntu Linux-16.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "16.04",
        "pkgs": [
          {"reference": "edk2"},
          {"reference": "nodejs"}
        ]
      }
    ]
  },
  "Ubuntu Linux-18.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "18.04",
        "pkgs": [
          {"reference": "edk2"},
          {"reference": "nodejs"}
        ]
      }
    ]
  },
  "Ubuntu Linux-20.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "20.04",
        "pkgs": [
          {"reference": "ovmf"},
          {"reference": "qemu-efi"},
          {"reference": "qemu-efi-aarch64"},
          {"reference": "qemu-efi-arm"}
        ]
      }
    ]
  },
  "Ubuntu Linux-22.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "22.04",
        "pkgs": [
          {"reference": "nodejs"},
          {"reference": "ovmf"},
          {"reference": "ovmf-ia32"},
          {"reference": "qemu-efi"},
          {"reference": "qemu-efi-aarch64"},
          {"reference": "qemu-efi-arm"}
        ]
      }
    ]
  },
  "Ubuntu Linux-24.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "24.04",
        "pkgs": [
          {"reference": "efi-shell-aa64"},
          {"reference": "efi-shell-arm"},
          {"reference": "efi-shell-ia32"},
          {"reference": "efi-shell-riscv64"},
          {"reference": "efi-shell-x64"},
          {"reference": "ovmf"},
          {"reference": "ovmf-ia32"},
          {"reference": "qemu-efi-aarch64"},
          {"reference": "qemu-efi-arm"},
          {"reference": "qemu-efi-riscv64"}
        ]
      }
    ]
  },
  "Ubuntu Linux-25.10": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "25.10",
        "pkgs": [
          {"reference": "efi-shell-aa64"},
          {"reference": "efi-shell-arm"},
          {"reference": "efi-shell-ia32"},
          {"reference": "efi-shell-loongarch64"},
          {"reference": "efi-shell-riscv64"},
          {"reference": "efi-shell-x64"},
          {"reference": "ovmf"},
          {"reference": "ovmf-ia32"},
          {"reference": "ovmf-inteltdx"},
          {"reference": "qemu-efi-aarch64"},
          {"reference": "qemu-efi-arm"},
          {"reference": "qemu-efi-loongarch64"},
          {"reference": "qemu-efi-riscv64"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

22 May 2026 00:00Current

7.6High risk

Vulners AI Score7.6

CVSS 3.18.1

EPSS0.00044

SSVC