Main Vulnerability Database SB20260424116

SB20260424116 - Anolis OS update for openssl

Published: April 24, 2026

Security Bulletin ID SB20260424116

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Use-after-free (CVE-ID: CVE-2026-28387)

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to use-after-free in DANE client code when processing server DANE TLSA records during TLSA-based server authentication. A remote attacker can provide crafted TLSA records to execute arbitrary code.

The issue only affects clients that use both PKIX-TA(0) or PKIX-EE(1) certificate usages together with the DANE-TA(2) certificate usage, and the server must publish a TLSA RRset containing both record types.

Remediation

Install update from vendor's website.

References

https://anas.openanolis.cn/errata/detail/ANSA-2026:0534

SB20260424116 - Anolis OS update for openssl

Breakdown by Severity

Description

Remediation

References

Please verify you're human