OpenSSL Product Security Update Advisory (CVE-2026-31790)

Apr 09 2026

Overview

An uninitialized memory exposure vulnerability (CVE-2026-31790) has been reported in OpenSSL. the vulnerability has the potential to expose the contents of uninitialized memory, resulting in the disclosure of sensitive information.

Affected Versions

OpenSSL 3.0 series.
OpenSSL 3.3 Series.
OpenSSL 3.4 Series.
OpenSSL 3.5 Series.
OpenSSL 3.6 Series.

Patch Version

3.0.20.
3.3.7.
3.4.5.
3.5.6.
3.6.2.

Impact and risk

the vulnerability poses a risk of confidentiality compromise and information leakage due to memory exposure.
exposed memory has the potential to contain sensitive information such as encryption keys, session tokens, and private data.

Recommendation

affected products are recommended to be updated to the official patched version.
production environments should perform compatibility testing with related services before and after applying the patch.

References

OpenSSL Security Advisory 2026-04-07: https://openssl-library.org/news/secadv/20260407.txt.

Overview

Affected Versions

Patch Version

Impact and risk

Recommendation

References

Tags:

Palo Alto Networks Family April 2026 Security Update Advisory

OpenSSL Product Security Update Advisory