The CERT-FR issued an alert on 8 April 2026 warning of several vulnerabilities in OpenSSL that allow remote code execution, denial‑of‑service, and data confidentiality breaches. The affected releases include OpenSSL 1.0.2 before 1.0.2zp, 1.1.1 before 1.1.1zg, 3.0.x before 3.0.20, 3.3.x before 3.3.7, 3.4.x before 3.4.5, 3.5.x before 3.5.6, and 3.6.x before 3.6.2. The FIPS modules of versions 3.6, 3.5, 3.4, 3.3, 3.1, and 3.0 are also impacted, with CVE‑2026‑31790 affecting x86‑64 systems that have AVX‑512 or VAES instructions enabled. The alert references CVE‑2026‑28386 through CVE‑2026‑31790 and directs users to the OpenSSL security bulletin dated 7 April 2026 for patches. Affected users should update to the latest OpenSSL version or apply the vendor‑provided patch immediately. Failure to patch could expose systems to active exploitation.
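The version thresholds listed above can be checked mechanically across an inventory. The following is an added example, not code from CERT-FR or the OpenSSL project; the function names (`parse`, `branch_of`, `status`) and the sample inputs are assumptions made for illustration, and it covers only the release branches named in this summary, not the FIPS modules.

```python
import re

# First fixed release per branch, exactly as listed in the alert summary above.
FIXED = {
    (1, 0, 2): "1.0.2zp",
    (1, 1, 1): "1.1.1zg",
    (3, 0): "3.0.20",
    (3, 3): "3.3.7",
    (3, 4): "3.4.5",
    (3, 5): "3.5.6",
    (3, 6): "3.6.2",
}

_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse(text):
    """Return (major, minor, patch, letter_key) from a version string or
    from a full `openssl version` banner; raise ValueError if none is found."""
    m = _VERSION.search(text)
    if not m:
        raise ValueError(f"no OpenSSL version in {text!r}")
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    letters = m.group(4)
    # Legacy letter releases run a..z, then za, zb, ...; sorting by
    # (length, text) reproduces that order ("" < "w" < "za" < "zg").
    return major, minor, patch, (len(letters), letters)


def branch_of(v):
    # 1.x branches are identified by all three numbers, 3.x by major.minor.
    return v[:3] if v[0] < 3 else v[:2]


def status(text):
    """Classify a version as 'affected', 'fixed' or 'not-listed'."""
    v = parse(text)
    fixed = FIXED.get(branch_of(v))
    if fixed is None:
        return "not-listed"  # branch absent from the summary: check the bulletin
    return "affected" if v < parse(fixed) else "fixed"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the alert.
    for sample in ("OpenSSL 3.0.13 30 Jan 2024", "1.1.1w", "1.0.2zp", "3.2.1"):
        print(f"{sample:30} {status(sample)}")
```

Distribution packages often backport fixes without changing the upstream version string, so an "affected" result on a vendor build should be confirmed against the vendor's own advisory.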