VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-f2na-rtsu-ffad

Essentials
Severities (13)
References (13)
Severity details (8)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-f2na-rtsu-ffad
Aliases	CVE-2026-28387
Summary
Status	Published
Exploitability	0.5
Weighted Severity	3.3
Risk	1.6
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-1341	Multiple Releases of Same Resource or Handle
CWE-416	Use After Free

System	Score	Found at
cvssv3	3.7	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28387.json
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2026-28387
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2026-28387
epss	0.0002	https://api.first.org/data/v1/epss?cve=CVE-2026-28387
epss	0.0002	https://api.first.org/data/v1/epss?cve=CVE-2026-28387
epss	0.00021	https://api.first.org/data/v1/epss?cve=CVE-2026-28387
cvssv3.1	6.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
ssvc	Track	https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b
ssvc	Track	https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe
ssvc	Track	https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3
ssvc	Track	https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7
ssvc	Track	https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177
ssvc	Track	https://openssl-library.org/news/secadv/20260407.txt

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28387.json
		https://api.first.org/data/v1/epss?cve=CVE-2026-28387
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28387
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
07e727d304746edb49a98ee8f6ab00256e1f012b		https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b
20260407.txt		https://openssl-library.org/news/secadv/20260407.txt
2451098		https://bugzilla.redhat.com/show_bug.cgi?id=2451098
258a8f63b26995ba357f4326da00e19e29c6acbe		https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe
444958deaf450aea819171f97ae69eaedede42c3		https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3
7a4e08cee62a728d32e60b0de89e6764339df0a7		https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7
ec03fa050b3346997ed9c5fef3d0e16ad7db8177		https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177
USN-8155-1		https://usn.ubuntu.com/8155-1/
USN-8155-2		https://usn.ubuntu.com/8155-2/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28387.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-09T03:56:07Z/ Found at https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-09T03:56:07Z/ Found at https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-09T03:56:07Z/ Found at https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-09T03:56:07Z/ Found at https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-09T03:56:07Z/ Found at https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-09T03:56:07Z/ Found at https://openssl-library.org/news/secadv/20260407.txt

Exploit Prediction Scoring System (EPSS)

Percentile	0.04327
EPSS Score	0.00017
Published At	April 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-02T12:44:16.165341+00:00	SUSE Severity Score Importer	Import	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml	38.0.0