Critical OpenSSL Vulnerabilities Affect Multiple Ubuntu Versions

Critical OpenSSL Vulnerabilities Affect Multiple Ubuntu Versions

First seen 9 Apr 2026, 20:29 UTC Ubuntu 93% similarity 74.0

Article Content

Browse articles
ThreatCluster

Recent updates to OpenSSL have revealed multiple vulnerabilities affecting various Ubuntu LTS versions. CVE-2026-2673, discovered by Viktor Dukhovni, involves incorrect negotiation of key exchange groups in TLS 1.3 servers, impacting Ubuntu 25.10. Igor Morgenstern identified CVE-2026-28387, which allows remote attackers to crash OpenSSL when used as a DANE client, potentially leading to denial of service or arbitrary code execution. Additional vulnerabilities include CVE-2026-28388 and CVE-2026-28389, both related to memory handling issues that could also result in crashes. These vulnerabilities were published between March 13 and April 7, 2026, and have been addressed in the latest security updates. Users of affected Ubuntu versions are advised to apply the patches immediately to mitigate risks.

Key Points: • Multiple critical vulnerabilities in OpenSSL affect Ubuntu LTS versions 14.04 to 20.04. • CVE-2026-2673 and CVE-2026-28387 allow for denial of service and potential remote code execution. • Patches for these vulnerabilities were released on April 8, 2026.

ThreatCluster AI

Timeline

2026-03-13
CVE-2026-2673 published
2026-04-07
CVE-2026-28387, CVE-2026-28388, CVE-2026-28389 published
2026-04-07
CVE-2026-31790 published
2026-04-07
CVE-2026-28390 published
2026-04-07
CVE-2026-31789 published
2026-04-08
Patches released for OpenSSL vulnerabilities

Community

Browse all →