Security Vulnerability Report
中文
CVE-2026-28386 CVSS 7.5 HIGH

CVE-2026-28386

Published: 2026-04-07 22:16:21
Last Modified: 2026-04-24 18:28:21
Source: [email protected]

Description

Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigger an out-of-bounds read of up to 15 bytes when processing partial cipher blocks. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application if the input buffer ends at a memory page boundary and the following page is unmapped. There is no information disclosure as the over-read bytes are not written to output. The vulnerable code path is only reached when processing partial blocks (when a previous call left an incomplete block and the current call provides fewer bytes than needed to complete it). Additionally, the input buffer must be positioned at a page boundary with the following page unmapped. CFB mode is not used in TLS/DTLS protocols, which use CBC, GCM, CCM, or ChaCha20-Poly1305 instead. For these reasons the issue was assessed as Low severity according to our Security Policy. Only x86-64 systems with AVX-512 and VAES instruction support are affected. Other architectures and systems without VAES support use different code paths that are not affected. OpenSSL FIPS module in 3.6 version is affected by this issue.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* - VULNERABLE
OpenSSL 3.6 (FIPS Module)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
/* * PoC Concept for CVE-2026-28386 * This code demonstrates the API usage that could trigger the vulnerability. * Actual exploitation requires specific memory alignment (page boundary) * and AVX-512/VAES enabled hardware. */ #include <stdio.h> #include <string.h> #include <openssl/evp.h> int main() { EVP_CIPHER_CTX *ctx; const EVP_CIPHER *cipher = EVP_aes_128_cfb128(); unsigned char key[16] = {0}; unsigned char iv[16] = {0}; // Input buffer designed to trigger partial block processing // In a real exploit, this would be allocated at a page boundary unsigned char in[15] = {0}; unsigned char out[16]; int outlen; ctx = EVP_CIPHER_CTX_new(); EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv); // Update with partial block (less than block size) // If the buffer 'in' ends at a page boundary and next page is unmapped, // this may trigger the out-of-bounds read. if (!EVP_EncryptUpdate(ctx, out, &outlen, in, 15)) { printf("Error during update\n"); } EVP_EncryptFinal_ex(ctx, out + outlen, &outlen); EVP_CIPHER_CTX_free(ctx); return 0; }

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-28386", "sourceIdentifier": "[email protected]", "published": "2026-04-07T22:16:20.513", "lastModified": "2026-04-24T18:28:21.313", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Issue summary: Applications using AES-CFB128 encryption or decryption on\nsystems with AVX-512 and VAES support can trigger an out-of-bounds read\nof up to 15 bytes when processing partial cipher blocks.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application if the input buffer ends at a memory\npage boundary and the following page is unmapped. There is no information\ndisclosure as the over-read bytes are not written to output.\n\nThe vulnerable code path is only reached when processing partial blocks\n(when a previous call left an incomplete block and the current call provides\nfewer bytes than needed to complete it). Additionally, the input buffer\nmust be positioned at a page boundary with the following page unmapped.\nCFB mode is not used in TLS/DTLS protocols, which use CBC, GCM, CCM, or\nChaCha20-Poly1305 instead. For these reasons the issue was assessed as\nLow severity according to our Security Policy.\n\nOnly x86-64 systems with AVX-512 and VAES instruction support are affected.\nOther architectures and systems without VAES support use different code\npaths that are not affected.\n\nOpenSSL FIPS module in 3.6 version is affected by this issue."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "baseScore": 9.1, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-125"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.6.0", "versionEndExcluding": "3.6.2", "matchCriteriaId": "4A9E621D-29D8-418A-BF37-BED333C14507"}]}]}], "references": [{"url": "https://github.com/openssl/openssl/commit/61f428a2fc6671ede184a19f71e6e495f0689621", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://openssl-library.org/news/secadv/20260407.txt", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.