CVE-2026-28386

Name of the Vulnerable Software and Affected Versions OpenSSL FIPS Module version 3.6

Description Applications utilizing AES-CFB128 encryption or decryption on systems equipped with AVX-512 and VAES support may experience an out-of-bounds read of up to 15 bytes when handling partial cipher blocks. This can lead to a denial of service if the input buffer is at a memory page boundary and the subsequent page is unmapped. The issue occurs only when processing partial blocks and on x86-64 systems with AVX-512 and VAES instruction support.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.