OpenSSL have published a security advisory. Here's how it affects BoringSSL:
| CVE | Summary | Severity in OpenSSL | Impact to BoringSSL |
|---|---|---|---|
| CVE-2026-2673 | OpenSSL TLS 1.3 server may choose unexpected key agreement group | Low | Not affected, issue was introduced after fork |