CVE-2026-28387
Published: 07 April 2026
Description
Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a…
more
range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, the issue only affects clients that make use of TLSA records with both the PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate usage. By far the most common deployment of DANE is in SMTP MTAs for which RFC7672 recommends that clients treat as 'unusable' any TLSA records that have the PKIX certificate usages. These SMTP (or other similar) clients are not vulnerable to this issue. Conversely, any clients that support only the PKIX usages, and ignore the DANE-TA(2) usage are also not vulnerable. The client would also need to be communicating with a server that publishes a TLSA RRset with both types of TLSA records. No FIPS modules are affected by this issue, the problem code is outside the FIPS module boundary.
Mitigating Controls (NIST 800-53 r5)AI
Directly requires timely identification, reporting, and remediation of the use-after-free/double-free flaw in OpenSSL's DANE TLSA authentication via vendor patches.
Implements memory protection safeguards such as ASLR and DEP to mitigate exploitation of the use-after-free and double-free during client-side TLSA record processing.
Supports vulnerability scanning to identify OpenSSL deployments vulnerable to CVE-2026-28387 under uncommon DANE TLSA configurations.
Security SummaryAI
CVE-2026-28387 is a use-after-free and/or double-free vulnerability in OpenSSL clients performing DANE TLSA-based server authentication under uncommon configurations. It affects clients that utilize TLSA records with both PKIX-TA(0), PKIX-EE(1) certificate usages and the DANE-TA(2) certificate usage, when communicating with servers publishing TLSA RRsets containing both types of records. Common deployments, such as SMTP MTAs following RFC7672 recommendations to treat PKIX usages as unusable, or clients ignoring DANE-TA(2), remain unaffected. No FIPS modules are impacted, as the vulnerable code lies outside the FIPS boundary. The issue is classified under CWE-416 with a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
Exploitation requires a network-based attacker to influence a vulnerable client connecting to a server with the specified mixed TLSA records. The high attack complexity stems from the need for both the client and server to use these uncommon DANE configurations simultaneously. Successful exploitation could result in corruption of valid data, application crashes, or arbitrary code execution on the client side.
OpenSSL has addressed the vulnerability through multiple commits, including 07e727d304746edb49a98ee8f6ab00256e1f012b, 258a8f63b26995ba357f4326da00e19e29c6acbe, 444958deaf450aea819171f97ae69eaedede42c3, 7a4e08cee62a728d32e60b0de89e6764339df0a7, and ec03fa050b3346997ed9c5fef3d0e16ad7db8177, available on the project's GitHub repository. Security practitioners should update affected OpenSSL deployments to incorporate these fixes as the primary mitigation.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Use-after-free/double-free in OpenSSL client DANE handling directly enables remote code execution when a client connects to a server publishing mixed TLSA records, mapping to Exploitation for Client Execution.