What CVEs does OpenSSL 3.6.2 fix?

Eight total: RSA KEM encapsulation fails (CVE-2026-31790), key-agreement tuple loss (CVE-2026-2673), AES-CFB-128 OOB read (CVE-2026-28386), plus PKCS#7, X.509 issues, and more. All detailed in release notes.

Do I need to update to OpenSSL 3.6.2 right away?

If running 3.6.x servers with custom configs or AVX-512, yes — stat. Others: schedule it this week. Moderate risk, high prevalence.

How does OpenSSL 3.6.2 impact performance?

Negligible. Fixes target bugs, not speed hits. Test your workloads, but it's a drop-in for most.

🕳️ Vulnerabilities & CVEs

OpenSSL 3.6.2 Crushes Eight CVEs: Your Crypto Lifeline Just Got Stronger

Eight CVEs patched in OpenSSL 3.6.2. That's the raw count hitting inboxes this week — vulnerabilities that could crack your encryption wide open if ignored.

theAIcatchup Apr 08, 2026 4 min read

OpenSSL 3.6.2 release banner highlighting eight CVE security patches

⚡ Key Takeaways

OpenSSL 3.6.2 patches eight CVEs, rated up to Moderate severity — update servers immediately. 𝕏
Key fixes include RSA KEM flaws and AES crashes, critical for modern crypto setups. 𝕏
This release foreshadows post-quantum readiness, blending legacy and future encryption. 𝕏

Published by

theAIcatchup

Threat intelligence. Zero noise.

#AES-CFB-128 bug #CVE fixes #OpenSSL #OpenSSL 3.6.2 #RSA KEM vulnerability #crypto vulnerabilities #security patch

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by HelpNet Security

⚡ Key Takeaways

The 60-Second TL;DR

theAIcatchup

Share this article

Worth sharing?

Related Stories

Android's StrongBox Patch Fixes a Hidden Threat to Your Phone's Deepest Secrets

Flowise's Perfect-Score Flaw CVE-2025-59528: Attackers Already Inside

Microsoft Exposes EngageSDK Flaw Risking 30 Million Android Crypto Wallets

EngageLab SDK Flaw Exposed 50M Android Devices — 30M Crypto Wallets in the Crosshairs

Stay in the loop