OpenSSL Advisory: April 7th, 2026 (BoringSSL Not Affected)

OpenSSL have published a security advisory. Here's how it affects BoringSSL:

CVE	Summary	Severity in OpenSSL	Impact to BoringSSL
CVE-2026-31790	Incorrect Failure Handling in RSA KEM RSASVE Encapsulation	Moderate	Not affected, issue was introduced after fork
CVE-2026-28386	Out-of-bounds Read in AES-CFB-128 on X86-64 with AVX-512 Support	Low	Not affected, issue was introduced after fork
CVE-2026-28387	Potential Use-after-free in DANE Client Code	Low	Not affected, issue was introduced after fork
CVE-2026-28388	NULL Pointer Dereference When Processing a Delta CRL	Low	Not affected, impacted code was removed from BoringSSL in November 2023
CVE-2026-28389	Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo	Low	Not affected, impacted code was removed from BoringSSL in the initial fork
CVE-2026-28390	Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo	Low	Not affected, impacted code was removed from BoringSSL in the initial fork
CVE-2026-31789	Heap Buffer Overflow in Hexadecimal Conversion	Low	Not affected, issue was introduced after fork