OpenSSL Product Security Update Advisory

Apr 13 2026

Overview.

An out-of-bounds read vulnerability (CVE-2026-28386) and a NULL pointer dereference vulnerability (CVE-2026-28388, CVE-2026-28389, CVE-2026-28390) in OpenSSL have been disclosed.
affected products are systems and applications that use the OpenSSL library.

Vulnerability Summary.

CVE-2026-28386: An out-of-bounds read vulnerability.
CVE-2026-28388: NULL pointer dereference vulnerability.
CVE-2026-28389: NULL pointer dereference vulnerability.
CVE-2026-28390: NULL pointer dereference vulnerability.

Affected Versions.

the major versions affected are OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1, and 1.0.2.

Patched versions.

The fix for CVE-2026-28386 was applied in OpenSSL 3.6.2.
Fixes for CVE-2026-28388, CVE-2026-28389, and CVE-2026-28390 were provided in OpenSSL 3.6.2, 3.5.6, 3.4.5, 3.3.7, 3.0.20, 1.1.1zg, 1.0.2zp, and related patches.

Impact and Advisory.

the vulnerability could potentially result in information disclosure or service disruption (application crash).
the recommended action is to replace the affected distributions and applications with the published patch versions.

References.

OpenSSL Security Advisory [7th April 2026]. available at: https://openssl-library.org/news/secadv/20260407.txt.

OpenSSL Product Security Update Advisory

Overview.

Vulnerability Summary.

Affected Versions.

Patched versions.

Impact and Advisory.

References.

Apache Tomcat April Vulnerabilities Security Update Advisory

Adobe Product Security Update Advisory (CVE-2026-34621)

Overview.

Vulnerability Summary.

Affected Versions.

Patched versions.

Impact and Advisory.

References.

Tags:

Apache Tomcat April Vulnerabilities Security Update Advisory

Adobe Product Security Update Advisory (CVE-2026-34621)