Out-of-bounds Read in Openssl
CVE-2026-28386
Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigger an out-of-bounds read of up to 15 bytes when processing partial cipher blocks. Impact summary: This out-of-bounds r…
Vulnerability class: Buffer Overflow
EPSS: 0.000 (7.4th percentile) — read the EPSS interpretation.
Affected products
- Openssl — versions 3.6.0
Weakness classification (CWE)
References
- OpenSSL Advisory (vendor-advisory)
- 3.6.2 git commit (patch)