Critical OpenSSL Vulnerabilities Affect Multiple Ubuntu Versions

Severity: High (Score: 74.0)

Sources: Ubuntu

Summary

Recent updates to OpenSSL have revealed multiple vulnerabilities affecting various Ubuntu LTS versions. CVE-2026-2673, discovered by Viktor Dukhovni, involves incorrect negotiation of key exchange groups in TLS 1.3 servers, impacting Ubuntu 25.10. Igor Morgenstern identified CVE-2026-28387, which allows remote attackers to crash OpenSSL when used as a DANE client, potentially leading to denial of service or arbitrary code execution. Additional vulnerabilities include CVE-2026-28388 and CVE-2026-28389, both related to memory handling issues that could also result in crashes. These vulnerabilities were published between March 13 and April 7, 2026, and have been addressed in the latest security updates. Users of affected Ubuntu versions are advised to apply the patches immediately to mitigate risks.

Key Points

  • Multiple critical vulnerabilities in OpenSSL affect Ubuntu LTS versions 14.04 to 20.04.
  • CVE-2026-2673 and CVE-2026-28387 allow for denial of service and potential remote code execution.
  • Patches for these vulnerabilities were released on April 8, 2026.

Key Entities

  • Denial of Service (attack_type)
  • CVE-2026-2673 (cve)
  • CVE-2026-28387 (cve)
  • CVE-2026-28388 (cve)
  • CVE-2026-28389 (cve)
  • CVE-2026-28390 (cve)
  • T1499 - Endpoint Denial of Service (mitre_attack)
  • OpenSSL (tool)
  • Ubuntu (company)