CVE-2026-28387
CVSS 8.1
A use-after-free bug exists in OpenSSL's DANE client verification code. An attacker who controls a malicious server (or sits in a network position to manipulate TLS handshakes) could trigger it to crash, or potentially execute code in, any application using OpenSSL's DANE validation. The CVSS score is 8.1, but there is no known exploitation yet, and the EPSS score is very low at 0.00032.