PT-2026-31036 · Dane+4

Alexandr Nedvedicky +2 · Published 2026-04-07 · Updated 2026-05-10 · CVE-2026-28387

CVSS v3.1: 8.1 High
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: versions not specified
Description: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. A use-after-free can lead to data corruption, crashes, or arbitrary code execution. The issue affects clients that use TLSA records with both PKIX-TA(0)/PKIX-EE(1) and DANE-TA(2) certificate usages. Clients that treat PKIX TLSA records as unusable or support only PKIX usages are not vulnerable. The client must also communicate with a server publishing a TLSA RRset with both types of TLSA records.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Use After Free

Weakness Enumeration

Related Identifiers

CVE-2026-28387
ECHO-6FC6-4872-7EA8
MGASA-2026-0091
OESA-2026-2041
OESA-2026-2042
OESA-2026-2043
OESA-2026-2044
OESA-2026-2045
OESA-2026-2189
OESA-2026-2190
OESA-2026-2191
OPENSUSE-SU-2026:10533-1
OPENSUSE-SU-2026:20525-1
RHSA-2026:7261
SUSE-SU-2026:1213-1
SUSE-SU-2026:1214-1
SUSE-SU-2026:1215-1
SUSE-SU-2026:1216-1
SUSE-SU-2026:1255-1
SUSE-SU-2026:1256-1
SUSE-SU-2026:1257-1
SUSE-SU-2026:1290-1
SUSE-SU-2026:1291-1
SUSE-SU-2026:1375-1
SUSE-SU-2026:1386-1
SUSE-SU-2026:1577-1
SUSE-SU-2026:21037-1
SUSE-SU-2026:21065-1
SUSE-SU-2026:21107-1
SUSE-SU-2026:21186-1
USN-8155-1
USN-8155-2

Affected Products

Dane
IBM AIX
Linux Mint
OpenSSL
Ubuntu