OpenSSL 3.6.2 lands with eight CVE fixes

OpenSSL 3.6.2 patches eight CVEs across a range of components. The project rates the most severe issue in the release as Moderate.

What got fixed

The release fixes incorrect failure handling in RSA KEM RSASVE encapsulation (CVE-2026-31790) and a loss of key agreement group tuple structure when the DEFAULT keyword is used in server-side configuration of the key-agreement group list (CVE-2026-2673).

An out-of-bounds read in AES-CFB-128 on x86-64 CPUs with AVX-512 support (CVE-2026-28386) is also addressed, along with a potential use-after-free in DANE client code (CVE-2026-28387) and a NULL pointer dereference when processing a delta CRL (CVE-2026-28388).

Two additional NULL dereference bugs affecting CMS recipient info handling are resolved: one in CMS KeyAgreeRecipientInfo processing (CVE-2026-28389) and one in CMS KeyTransportRecipientInfo processing (CVE-2026-28390). A heap buffer overflow in hexadecimal conversion (CVE-2026-31789) rounds out the security fixes.

Regression repairs

Beyond the CVEs, the release addresses two behavioral regressions introduced in OpenSSL 3.6.0. One restores the pre-3.6.0 behavior of the X509_V_FLAG_CRL_CHECK_ALL flag. The other fixes a regression in handling stapled OCSP responses that caused handshake failures for OpenSSL 3.6.0 servers with various client implementations.

Scope and affected versions

OpenSSL 3.6 and 3.5 are vulnerable to several of these issues. OpenSSL 3.4, 3.3, 3.0, 1.0.2, and 1.1.1 are not affected by some of the CVEs patched in this release. Administrators running 3.6.x on x86-64 systems with AVX-512 enabled should prioritize the AES-CFB-128 fix given the memory-read exposure in that path.
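
A triage sketch for the prioritization above, added here as an example and not taken from the OpenSSL project: it classifies a Linux host from `openssl version` output and `/proc/cpuinfo` flags. The function names and result labels are hypothetical, and treating any `avx512*` CPU flag as "AVX-512 enabled" is an assumption.

```shell
#!/bin/sh
# Added example: triage a host against the 3.6.2 release described above.
# Inputs are passed as arguments so the logic can be exercised offline.

# Print the x.y.z version from `openssl version` output, or nothing if unparseable.
parse_version() {
    printf '%s\n' "$1" |
        sed -n 's/^OpenSSL \([0-9]\{1,\}\.[0-9]\{1,\}\.[0-9]\{1,\}\).*/\1/p' |
        head -n 1
}

# Succeed if the cpuinfo text lists any avx512* feature flag.
# Assumption: any avx512* flag counts as "AVX-512 enabled" for triage purposes.
has_avx512() {
    printf '%s\n' "$1" | grep -Eq '^flags[[:space:]]*:.*[[:space:]]avx512[a-z0-9_]*'
}

# triage VERSION_OUTPUT CPUINFO_TEXT
# Prints PRIORITY, UPDATE, PATCHED, CHECK-ADVISORY or UNKNOWN (hypothetical labels).
triage() {
    ver=$(parse_version "$1")
    [ -n "$ver" ] || { echo UNKNOWN; return 0; }   # not OpenSSL, or odd format
    major=${ver%%.*}; rest=${ver#*.}; minor=${rest%%.*}; patch=${rest#*.}
    if [ "$major" = 3 ] && [ "$minor" = 6 ]; then
        if [ "$patch" -ge 2 ]; then
            echo PATCHED            # 3.6.2 or later carries the fixes
        elif has_avx512 "$2"; then
            echo PRIORITY           # 3.6.0/3.6.1 with AVX-512: AES-CFB-128 read path
        else
            echo UPDATE             # 3.6.0/3.6.1 without AVX-512: other CVEs still apply
        fi
    else
        # The article names no fixed release for other branches; consult the advisory.
        echo CHECK-ADVISORY
    fi
}

# Live run on this host; prints UNKNOWN if openssl is not on PATH.
triage "$(openssl version 2>/dev/null)" "$(cat /proc/cpuinfo 2>/dev/null)"
```

`openssl version` reports only the library the CLI is linked against; applications that bundle or statically link OpenSSL, and distribution packages that backport fixes without changing the version string, need to be checked separately.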

The 3.6 series carries standard support, with a shorter update window than the long-term support 3.5 branch. Organizations with flexibility in version selection may want to weigh that distinction when planning upgrade schedules.