- 114/2026
- Critical
OpenSSL has released security updates to address several vulnerabilities affecting OpenSSL Software Services.
The addressed vulnerabilities could allow the attacker to perform denial-of-service attacks, execute arbitrary code, or obtain sensitive information from the affected system.
Sample of the addressed vulnerabilities:
1. OpenSSL Hexadecimal Conversion Heap Buffer Overflow Vulnerability (CVE- 2026-31789):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Remote Code Execution
2. OpenSSL Out-of-Bounds Read in AES-CFB-128 Vulnerability (CVE-2026- 28386):
- CVSS: 7.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
Vulnerabilities
- CVE-2026-28386
- CVE-2026-28387
- CVE-2026-28388
- CVE-2026-28389
- CVE-2026-28390
- CVE-2026-31789
- CVE-2026-31790
- CVE-2026-2673
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.