OpenSSL 3.6.2 Released to Fix Eight CVE Vulnerabilities

OpenSSL released version 3.6.2 on April 7, 2026, as a security patch update designed to resolve eight distinct vulnerabilities. The project has rated the most severe of these issues as Moderate, providing a critical update for developers and organizations relying on the library for secure communications and cryptographic operations.

The update arrives approximately two and a half months after the release of OpenSSL 3.6.1. According to reporting from Linuxiac and Tux Machines, the patch addresses a variety of flaws including memory management errors, incorrect failure handling, and buffer overflows.

Detailed Vulnerability Analysis

The security release targets eight CVEs: CVE-2026-31790, CVE-2026-2673, CVE-2026-28386, CVE-2026-28387, CVE-2026-28388, CVE-2026-28389, CVE-2026-28390, and CVE-2026-31789. These vulnerabilities affect different components of the library, ranging from key encapsulation to certificate revocation lists.

One primary fix addresses CVE-2026-31790, which involved incorrect failure handling during RSA KEM RSASVE encapsulation. RSA KEM (Key Encapsulation Mechanism) is used to securely transmit symmetric keys using asymmetric cryptography.

The release also resolves several memory-related bugs. These include a potential use-after-free vulnerability in DANE client code (CVE-2026-28387), where the system might attempt to use a memory pointer after it has been freed. The update patches a heap buffer overflow in hexadecimal conversion, a condition where data exceeds the allocated boundary of a memory buffer on the heap.

Two NULL pointer dereference bugs were also addressed. A NULL pointer dereference occurs when a program attempts to read or write to a memory address that is null, typically resulting in a program crash. These specific bugs affected the processing of delta CRLs (Certificate Revocation Lists), identified as CVE-2026-28388, and the handling of CMS (Cryptographic Message Syntax) recipient info, identified as CVE-2026-28389.

Low-Severity Out-of-Bounds Read in AES-CFB-128

Among the fixes is a resolution for CVE-2026-28386, which OpenSSL has categorized as Low severity. This vulnerability involves an out-of-bounds read in AES-CFB-128 encryption and decryption on x86-64 systems that support AVX-512 (Advanced Vector Extensions 512) and VAES (Vector AES) instructions.

The issue is triggered when applications process partial cipher blocks. In these specific hardware environments, the library can trigger an out-of-bounds read of up to 15 bytes.

The impact of this flaw is primarily limited to a potential crash, which could lead to a Denial of Service (DoS) for an application. This occurs specifically if the input buffer ends at a memory page boundary and the subsequent page is unmapped. OpenSSL noted that there is no risk of information disclosure because the over-read bytes are not written to the output.

The risk is further mitigated by the fact that CFB (Cipher Feedback) mode is not utilized in TLS or DTLS protocols. These protocols instead rely on CBC, GCM, CCM, or ChaCha20-Poly1305. Only x86-64 systems with AVX-512 and VAES support are affected, while other architectures use different, unaffected code paths.

This specific vulnerability was discovered by Alex Gaynor of Anthropic, along with Stanislav Fort and Pavel Kohout of Aisle Research, who also helped develop the fix.

Configuration and FIPS Impact

Beyond the CVE-tracked vulnerabilities, OpenSSL 3.6.2 fixes a configuration issue where the key agreement group tuple structure was lost when the DEFAULT keyword was used in server-side configurations.

The OpenSSL FIPS (Federal Information Processing Standards) module in version 3.6 is also affected by the AES-CFB-128 out-of-bounds read issue, making the update necessary for users requiring FIPS compliance.

The vulnerability CVE-2026-28386 was present in versions starting from 3.6.0 and persists until the 3.6.2 patch is applied.