{
  "api_version": "1",
  "generated_at": "2026-04-10T03:01:37+00:00",
  "cve": "CVE-2026-28386",
  "urls": {
    "html": "https://cve.report/CVE-2026-28386",
    "api": "https://cve.report/api/cve/CVE-2026-28386.json",
    "docs": "https://cve.report/api",
    "cve_org": "https://www.cve.org/CVERecord?id=CVE-2026-28386",
    "nvd": "https://nvd.nist.gov/vuln/detail/CVE-2026-28386"
  },
  "summary": {
    "title": "Out-of-bounds Read in AES-CFB-128 on X86-64 with AVX-512 Support",
    "description": "Issue summary: Applications using AES-CFB128 encryption or decryption on\nsystems with AVX-512 and VAES support can trigger an out-of-bounds read\nof up to 15 bytes when processing partial cipher blocks.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application if the input buffer ends at a memory\npage boundary and the following page is unmapped. There is no information\ndisclosure as the over-read bytes are not written to output.\n\nThe vulnerable code path is only reached when processing partial blocks\n(when a previous call left an incomplete block and the current call provides\nfewer bytes than needed to complete it). Additionally, the input buffer\nmust be positioned at a page boundary with the following page unmapped.\nCFB mode is not used in TLS/DTLS protocols, which use CBC, GCM, CCM, or\nChaCha20-Poly1305 instead. For these reasons the issue was assessed as\nLow severity according to our Security Policy.\n\nOnly x86-64 systems with AVX-512 and VAES instruction support are affected.\nOther architectures and systems without VAES support use different code\npaths that are not affected.\n\nOpenSSL FIPS module in 3.6 version is affected by this issue.",
    "state": "PUBLISHED",
    "assigner": "openssl",
    "published_at": "2026-04-07 22:16:20",
    "updated_at": "2026-04-08 21:27:00"
  },
  "problem_types": ["CWE-125", "CWE-125 CWE-125 Out-of-bounds Read"],
  "metrics": [],
  "references": [
    {
      "url": "https://openssl-library.org/news/secadv/20260407.txt",
      "name": "https://openssl-library.org/news/secadv/20260407.txt",
      "refsource": "openssl-security@openssl.org",
      "tags": [],
      "title": "",
      "mime": "",
      "httpstatus": "",
      "archivestatus": "0"
    },
    {
      "url": "https://github.com/openssl/openssl/commit/61f428a2fc6671ede184a19f71e6e495f0689621",
      "name": "https://github.com/openssl/openssl/commit/61f428a2fc6671ede184a19f71e6e495f0689621",
      "refsource": "openssl-security@openssl.org",
      "tags": [],
      "title": "",
      "mime": "",
      "httpstatus": "",
      "archivestatus": "0"
    },
    {
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-28386",
      "name": "CVE Program record",
      "refsource": "CVE.ORG",
      "tags": ["canonical"]
    },
    {
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28386",
      "name": "NVD vulnerability detail",
      "refsource": "NVD",
      "tags": ["canonical", "analysis"]
    }
  ],
  "affected": [
    {
      "source": "CNA",
      "vendor": "OpenSSL",
      "product": "OpenSSL",
      "version": "affected 3.6.0 3.6.2 semver",
      "platforms": []
    }
  ],
  "timeline": [],
  "solutions": [],
  "workarounds": [],
  "exploits": [],
  "credits": [
    {"source": "CNA", "value": "Stanislav Fort (Aisle Research)", "lang": "en"},
    {"source": "CNA", "value": "Pavel Kohout (Aisle Research)", "lang": "en"},
    {"source": "CNA", "value": "Alex Gaynor (Anthropic)", "lang": "en"},
    {"source": "CNA", "value": "Stanislav Fort (Aisle Research)", "lang": "en"},
    {"source": "CNA", "value": "Pavel Kohout (Aisle Research)", "lang": "en"},
    {"source": "CNA", "value": "Alex Gaynor (Anthropic)", "lang": "en"}
  ],
  "nvd_cpes": [],
  "vendor_comments": [],
  "enrichments": {
    "kev": null,
    "epss": {
      "cve_year": "2026",
      "cve_id": "28386",
      "cve": "CVE-2026-28386",
      "epss": "0.000190000",
      "percentile": "0.050600000",
      "score_date": "2026-04-09",
      "updated_at": "2026-04-10 00:07:02"
    },
    "legacy_qids": []
  },
  "source_records": {
    "cve_program": {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "OpenSSL",
              "vendor": "OpenSSL",
              "versions": [
                {"lessThan": "3.6.2", "status": "affected", "version": "3.6.0", "versionType": "semver"}
              ]
            }
          ],
          "credits": [
            {"lang": "en", "type": "reporter", "value": "Stanislav Fort (Aisle Research)"},
            {"lang": "en", "type": "reporter", "value": "Pavel Kohout (Aisle Research)"},
            {"lang": "en", "type": "reporter", "value": "Alex Gaynor (Anthropic)"},
            {"lang": "en", "type": "remediation developer", "value": "Stanislav Fort (Aisle Research)"},
            {"lang": "en", "type": "remediation developer", "value": "Pavel Kohout (Aisle Research)"},
            {"lang": "en", "type": "remediation developer", "value": "Alex Gaynor (Anthropic)"}
          ],
          "datePublic": "2026-04-07T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Issue summary: Applications using AES-CFB128 encryption or decryption on<br>systems with AVX-512 and VAES support can trigger an out-of-bounds read<br>of up to 15 bytes when processing partial cipher blocks.<br><br>Impact summary: This out-of-bounds read may trigger a crash which leads to<br>Denial of Service for an application if the input buffer ends at a memory<br>page boundary and the following page is unmapped. There is no information<br>disclosure as the over-read bytes are not written to output.<br><br>The vulnerable code path is only reached when processing partial blocks<br>(when a previous call left an incomplete block and the current call provides<br>fewer bytes than needed to complete it). Additionally, the input buffer<br>must be positioned at a page boundary with the following page unmapped.<br>CFB mode is not used in TLS/DTLS protocols, which use CBC, GCM, CCM, or<br>ChaCha20-Poly1305 instead. For these reasons the issue was assessed as<br>Low severity according to our Security Policy.<br><br>Only x86-64 systems with AVX-512 and VAES instruction support are affected.<br>Other architectures and systems without VAES support use different code<br>paths that are not affected.<br><br>OpenSSL FIPS module in 3.6 version is affected by this issue."
                }
              ],
              "value": "Issue summary: Applications using AES-CFB128 encryption or decryption on\nsystems with AVX-512 and VAES support can trigger an out-of-bounds read\nof up to 15 bytes when processing partial cipher blocks.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application if the input buffer ends at a memory\npage boundary and the following page is unmapped. There is no information\ndisclosure as the over-read bytes are not written to output.\n\nThe vulnerable code path is only reached when processing partial blocks\n(when a previous call left an incomplete block and the current call provides\nfewer bytes than needed to complete it). Additionally, the input buffer\nmust be positioned at a page boundary with the following page unmapped.\nCFB mode is not used in TLS/DTLS protocols, which use CBC, GCM, CCM, or\nChaCha20-Poly1305 instead. For these reasons the issue was assessed as\nLow severity according to our Security Policy.\n\nOnly x86-64 systems with AVX-512 and VAES instruction support are affected.\nOther architectures and systems without VAES support use different code\npaths that are not affected.\n\nOpenSSL FIPS module in 3.6 version is affected by this issue."
            }
          ],
          "metrics": [
            {
              "format": "other",
              "other": {
                "content": {"text": "Low"},
                "type": "https://openssl-library.org/policies/general/security-policy/"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {"cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE"}
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-07T22:00:50.164Z",
            "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
            "shortName": "openssl"
          },
          "references": [
            {"name": "OpenSSL Advisory", "tags": ["vendor-advisory"], "url": "https://openssl-library.org/news/secadv/20260407.txt"},
            {"name": "3.6.2 git commit", "tags": ["patch"], "url": "https://github.com/openssl/openssl/commit/61f428a2fc6671ede184a19f71e6e495f0689621"}
          ],
          "source": {"discovery": "UNKNOWN"},
          "title": "Out-of-bounds Read in AES-CFB-128 on X86-64 with AVX-512 Support",
          "x_generator": {"engine": "Vulnogram 0.2.0"}
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "assignerShortName": "openssl",
        "cveId": "CVE-2026-28386",
        "datePublished": "2026-04-07T22:00:50.164Z",
        "dateReserved": "2026-02-27T13:45:02.161Z",
        "dateUpdated": "2026-04-07T22:00:50.164Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    },
    "nvd": {
      "publishedDate": "2026-04-07 22:16:20",
      "lastModifiedDate": "2026-04-08 21:27:00",
      "problem_types": ["CWE-125", "CWE-125 CWE-125 Out-of-bounds Read"],
      "metrics": [],
      "configurations": []
    },
    "legacy_mitre": {
      "record": {
        "CveYear": "2026",
        "CveId": "28386",
        "Ordinal": "1",
        "Title": "Out-of-bounds Read in AES-CFB-128 on X86-64 with AVX-512 Support",
        "CVE": "CVE-2026-28386",
        "Year": "2026"
      },
      "notes": [
        {
          "CveYear": "2026",
          "CveId": "28386",
          "Ordinal": "1",
          "NoteData": "Issue summary: Applications using AES-CFB128 encryption or decryption on\nsystems with AVX-512 and VAES support can trigger an out-of-bounds read\nof up to 15 bytes when processing partial cipher blocks.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application if the input buffer ends at a memory\npage boundary and the following page is unmapped. There is no information\ndisclosure as the over-read bytes are not written to output.\n\nThe vulnerable code path is only reached when processing partial blocks\n(when a previous call left an incomplete block and the current call provides\nfewer bytes than needed to complete it). Additionally, the input buffer\nmust be positioned at a page boundary with the following page unmapped.\nCFB mode is not used in TLS/DTLS protocols, which use CBC, GCM, CCM, or\nChaCha20-Poly1305 instead. For these reasons the issue was assessed as\nLow severity according to our Security Policy.\n\nOnly x86-64 systems with AVX-512 and VAES instruction support are affected.\nOther architectures and systems without VAES support use different code\npaths that are not affected.\n\nOpenSSL FIPS module in 3.6 version is affected by this issue.",
          "Type": "Description",
          "Title": "Out-of-bounds Read in AES-CFB-128 on X86-64 with AVX-512 Support"
        }
      ]
    }
  }
}