{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28386", "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "state": "PUBLISHED", "assignerShortName": "openssl", "dateReserved": "2026-02-27T13:45:02.161Z", "datePublished": "2026-04-07T22:00:50.164Z", "dateUpdated": "2026-04-10T20:16:08.389Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "OpenSSL", "vendor": "OpenSSL", "versions": [{"lessThan": "3.6.2", "status": "affected", "version": "3.6.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Stanislav Fort (Aisle Research)"}, {"lang": "en", "type": "reporter", "value": "Pavel Kohout (Aisle Research)"}, {"lang": "en", "type": "reporter", "value": "Alex Gaynor (Anthropic)"}, {"lang": "en", "type": "remediation developer", "value": "Stanislav Fort (Aisle Research)"}, {"lang": "en", "type": "remediation developer", "value": "Pavel Kohout (Aisle Research)"}, {"lang": "en", "type": "remediation developer", "value": "Alex Gaynor (Anthropic)"}], "datePublic": "2026-04-07T14:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Issue summary: Applications using AES-CFB128 encryption or decryption on<br>systems with AVX-512 and VAES support can trigger an out-of-bounds read<br>of up to 15 bytes when processing partial cipher blocks.<br><br>Impact summary: This out-of-bounds read may trigger a crash which leads to<br>Denial of Service for an application if the input buffer ends at a memory<br>page boundary and the following page is unmapped. There is no information<br>disclosure as the over-read bytes are not written to output.<br><br>The vulnerable code path is only reached when processing partial blocks<br>(when a previous call left an incomplete block and the current call provides<br>fewer bytes than needed to complete it). Additionally, the input buffer<br>must be positioned at a page boundary with the following page unmapped.<br>CFB mode is not used in TLS/DTLS protocols, which use CBC, GCM, CCM, or<br>ChaCha20-Poly1305 instead. For these reasons the issue was assessed as<br>Low severity according to our Security Policy.<br><br>Only x86-64 systems with AVX-512 and VAES instruction support are affected.<br>Other architectures and systems without VAES support use different code<br>paths that are not affected.<br><br>OpenSSL FIPS module in 3.6 version is affected by this issue."}], "value": "Issue summary: Applications using AES-CFB128 encryption or decryption on\nsystems with AVX-512 and VAES support can trigger an out-of-bounds read\nof up to 15 bytes when processing partial cipher blocks.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application if the input buffer ends at a memory\npage boundary and the following page is unmapped. There is no information\ndisclosure as the over-read bytes are not written to output.\n\nThe vulnerable code path is only reached when processing partial blocks\n(when a previous call left an incomplete block and the current call provides\nfewer bytes than needed to complete it). Additionally, the input buffer\nmust be positioned at a page boundary with the following page unmapped.\nCFB mode is not used in TLS/DTLS protocols, which use CBC, GCM, CCM, or\nChaCha20-Poly1305 instead. For these reasons the issue was assessed as\nLow severity according to our Security Policy.\n\nOnly x86-64 systems with AVX-512 and VAES instruction support are affected.\nOther architectures and systems without VAES support use different code\npaths that are not affected.\n\nOpenSSL FIPS module in 3.6 version is affected by this issue."}], "metrics": [{"format": "other", "other": {"content": {"text": "Low"}, "type": "https://openssl-library.org/policies/general/security-policy/"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl", "dateUpdated": "2026-04-07T22:00:50.164Z"}, "references": [{"name": "OpenSSL Advisory", "tags": ["vendor-advisory"], "url": "https://openssl-library.org/news/secadv/20260407.txt"}, {"name": "3.6.2 git commit", "tags": ["patch"], "url": "https://github.com/openssl/openssl/commit/61f428a2fc6671ede184a19f71e6e495f0689621"}], "source": {"discovery": "UNKNOWN"}, "title": "Out-of-bounds Read in AES-CFB-128 on X86-64 with AVX-512 Support", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-10T20:15:21.235876Z", "id": "CVE-2026-28386", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-10T20:16:08.389Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-28386", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-10T20:15:21.235876Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-10T20:16:01.884Z"}}], "cna": {"title": "Out-of-bounds Read in AES-CFB-128 on X86-64 with AVX-512 Support", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "Stanislav Fort (Aisle Research)"}, {"lang": "en", "type": "reporter", "value": "Pavel Kohout (Aisle Research)"}, {"lang": "en", "type": "reporter", "value": "Alex Gaynor (Anthropic)"}, {"lang": "en", "type": "remediation developer", "value": "Stanislav Fort (Aisle Research)"}, {"lang": "en", "type": "remediation developer", "value": "Pavel Kohout (Aisle Research)"}, {"lang": "en", "type": "remediation developer", "value": "Alex Gaynor (Anthropic)"}], "metrics": [{"other": {"type": "https://openssl-library.org/policies/general/security-policy/", "content": {"text": "Low"}}, "format": "other"}], "affected": [{"vendor": "OpenSSL", "product": "OpenSSL", "versions": [{"status": "affected", "version": "3.6.0", "lessThan": "3.6.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2026-04-07T14:00:00.000Z", "references": [{"url": "https://openssl-library.org/news/secadv/20260407.txt", "name": "OpenSSL Advisory", "tags": ["vendor-advisory"]}, {"url": "https://github.com/openssl/openssl/commit/61f428a2fc6671ede184a19f71e6e495f0689621", "name": "3.6.2 git commit", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Issue summary: Applications using AES-CFB128 encryption or decryption on\nsystems with AVX-512 and VAES support can trigger an out-of-bounds read\nof up to 15 bytes when processing partial cipher blocks.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application if the input buffer ends at a memory\npage boundary and the following page is unmapped. There is no information\ndisclosure as the over-read bytes are not written to output.\n\nThe vulnerable code path is only reached when processing partial blocks\n(when a previous call left an incomplete block and the current call provides\nfewer bytes than needed to complete it). Additionally, the input buffer\nmust be positioned at a page boundary with the following page unmapped.\nCFB mode is not used in TLS/DTLS protocols, which use CBC, GCM, CCM, or\nChaCha20-Poly1305 instead. For these reasons the issue was assessed as\nLow severity according to our Security Policy.\n\nOnly x86-64 systems with AVX-512 and VAES instruction support are affected.\nOther architectures and systems without VAES support use different code\npaths that are not affected.\n\nOpenSSL FIPS module in 3.6 version is affected by this issue.", "supportingMedia": [{"type": "text/html", "value": "Issue summary: Applications using AES-CFB128 encryption or decryption on<br>systems with AVX-512 and VAES support can trigger an out-of-bounds read<br>of up to 15 bytes when processing partial cipher blocks.<br><br>Impact summary: This out-of-bounds read may trigger a crash which leads to<br>Denial of Service for an application if the input buffer ends at a memory<br>page boundary and the following page is unmapped. There is no information<br>disclosure as the over-read bytes are not written to output.<br><br>The vulnerable code path is only reached when processing partial blocks<br>(when a previous call left an incomplete block and the current call provides<br>fewer bytes than needed to complete it). Additionally, the input buffer<br>must be positioned at a page boundary with the following page unmapped.<br>CFB mode is not used in TLS/DTLS protocols, which use CBC, GCM, CCM, or<br>ChaCha20-Poly1305 instead. For these reasons the issue was assessed as<br>Low severity according to our Security Policy.<br><br>Only x86-64 systems with AVX-512 and VAES instruction support are affected.<br>Other architectures and systems without VAES support use different code<br>paths that are not affected.<br><br>OpenSSL FIPS module in 3.6 version is affected by this issue.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl", "dateUpdated": "2026-04-07T22:00:50.164Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28386", "state": "PUBLISHED", "dateUpdated": "2026-04-10T20:16:08.389Z", "dateReserved": "2026-02-27T13:45:02.161Z", "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "datePublished": "2026-04-07T22:00:50.164Z", "assignerShortName": "openssl"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Issue summary: Applications using AES-CFB128 encryption or decryption on\nsystems with AVX-512 and VAES support can trigger an out-of-bounds read\nof up to 15 bytes when processing partial cipher blocks.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application if the input buffer ends at a memory\npage boundary and the following page is unmapped. There is no information\ndisclosure as the over-read bytes are not written to output.\n\nThe vulnerable code path is only reached when processing partial blocks\n(when a previous call left an incomplete block and the current call provides\nfewer bytes than needed to complete it). Additionally, the input buffer\nmust be positioned at a page boundary with the following page unmapped.\nCFB mode is not used in TLS/DTLS protocols, which use CBC, GCM, CCM, or\nChaCha20-Poly1305 instead. For these reasons the issue was assessed as\nLow severity according to our Security Policy.\n\nOnly x86-64 systems with AVX-512 and VAES instruction support are affected.\nOther architectures and systems without VAES support use different code\npaths that are not affected.\n\nOpenSSL FIPS module in 3.6 version is affected by this issue."}], "id": "CVE-2026-28386", "lastModified": "2026-04-10T21:16:22.300", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-07T22:16:20.513", "references": [{"source": "openssl-security@openssl.org", "url": "https://github.com/openssl/openssl/commit/61f428a2fc6671ede184a19f71e6e495f0689621"}, {"source": "openssl-security@openssl.org", "url": "https://openssl-library.org/news/secadv/20260407.txt"}], "sourceIdentifier": "openssl-security@openssl.org", "vulnStatus": "Undergoing Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "openssl-security@openssl.org", "type": "Secondary"}]}

{"bugzilla": {"description": "openssl: openssl: Denial of Service due to out-of-bounds read in AES-CFB128", "id": "2451099", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451099"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.7", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-805", "details": ["A flaw was found in openssl. Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support may experience a Denial of Service (DoS). This occurs when processing partial cipher blocks, specifically if the input buffer ends at a memory page boundary and the subsequent page is unmapped. This can lead to an out-of-bounds read of up to 15 bytes and a potential application crash."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-28386", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "edk2", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "shim", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "shim-unsigned-aarch64", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "shim-unsigned-x64", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "ovmf", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "compat-openssl10", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "edk2", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "mingw-openssl", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "shim", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "shim-unsigned-x64", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "compat-openssl11", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "edk2", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "shim", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "shim-unsigned-aarch64", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "shim-unsigned-x64", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:hummingbird:1", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat Hardened Images"}, {"cpe": "cpe:/a:redhat:jboss_core_services:1", "fix_state": "Fix deferred", "package_name": "openssl", "product_name": "Red Hat JBoss Core Services"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2026-04-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-28386\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-28386\nhttps://openssl-library.org/news/secadv/20260407.txt"], "statement": "This vulnerability has a Low impact on Red Hat products. It affects applications utilizing AES-CFB128 encryption or decryption on systems equipped with AVX-512 and VAES, potentially leading to a Denial of Service due to an out-of-bounds read when processing partial cipher blocks under specific memory conditions. The CFB mode is not employed in widely used protocols such as TLS/DTLS, which limits the applicability of this flaw.", "threat_severity": "Low"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[3.6.0,3.6.2)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "OpenSSL", "source": "cna", "vendor": "OpenSSL"}, "product": "openssl", "vendor": "openssl"}], "analysis": {"en": {"generated_at": "2026-04-08T01:21:06.844867+00:00", "value": {"mitigation_remediation": ["Update OpenSSL to a version that includes the AES\u2011CFB128 fix, which is available in releases following 3.6 as indicated by the referenced commit and advisory.", "If your OpenSSL build is compiled for x86\u201164 with AVX\u2011512 and VAES support, verify that the patch has been applied and that the application no longer processes partial blocks that could trigger an over\u2011read.", "For systems that use TLS/DTLS or other modes, no action is required, but monitor for any future advisories affecting your OpenSSL deployment."], "summary": {"action": "Apply Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Only OpenSSL installations compiled for x86\u201164 with AVX\u2011512 and VAES acceleration are vulnerable. The 3.6 release of the OpenSSL FIPS module explicitly contains the affected code path. Builds on other architectures or on systems that do not enable the AVX\u2011512/VAES accelerated AES\u2011CFB128 code, and deployments that use TLS/DTLS (which employ CBC, GCM, CCM, or ChaCha20\u2011Poly1305) are not impacted.", "description_and_impact": "The vulnerability is an out\u2011of\u2011bounds read in the AES\u2011CFB128 implementation of OpenSSL on x86\u201164 CPUs that provide AVX\u2011512 and VAES instruction support. When a call to encrypt or decrypt receives fewer bytes than required to finish a previously incomplete block, the routine reads up to 15 bytes beyond the supplied input buffer. The over\u2011read does not expose data, but if the input buffer ends exactly on a memory page boundary followed by an unmapped page, the read can trigger a crash, causing a denial of service for the affected application.", "risk_and_exploitability": "The flaw is classified as CWE\u2011125 and was evaluated as low severity. No publicly known exploit exists and the EPSS score is not available. The vulnerability is not listed in CISA\u2019s Known Exploited Vulnerabilities catalog. Exploitation requires a highly specific sequence of events\u2014use of AES\u2011CFB128, processing of a partial block from a previous call, a subsequent call that supplies fewer bytes than needed, and an input buffer positioned at a memory page boundary with the following page unmapped. This combination is unlikely to occur in typical deployments, so the overall risk is considered low, although the crash can disrupt services."}}}}, "created": "2026-04-08T19:33:59.032687+00:00", "updated": "2026-04-08T19:45:22.519369+00:00", "vendors": ["openssl", "openssl$PRODUCT$openssl"]}