ALPINE-CVE-2026-28755

See a problem?
Please try reporting it to the source first.
Source
https://security.alpinelinux.org/vuln/CVE-2026-28755
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2026-28755.json
JSON Data
https://api.test.osv.dev/v1/vulns/ALPINE-CVE-2026-28755
Upstream
  • CVE-2026-28755
Published
2026-03-24T15:16:33.773Z
Modified
2026-03-26T15:33:41.038970Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

NGINX Plus and NGINX Open Source have a vulnerability in the ngxstreamsslmodule module due to the improper handling of revoked certificates when configured with the sslverifyclient on and sslocsp on directives, allowing the TLS handshake to succeed even after an OCSP check identifies the certificate as revoked.  

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

References

Affected packages

Alpine:v3.22 / nginx

Package

Name
nginx
Purl
pkg:apk/alpine/nginx?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.28.3-r0

Affected versions

0.*
0.8.53-r0
0.8.54-r0
0.8.54-r1
1.*
1.0.4-r0
1.0.4-r1
1.0.5-r0
1.0.11-r0
1.0.11-r1
1.0.14-r0
1.0.15-r0
1.2.2-r0
1.2.3-r0
1.2.4-r0
1.2.5-r0
1.2.6-r0
1.2.7-r0
1.2.8-r0
1.4.0-r0
1.4.0-r1
1.4.1-r0
1.4.2-r0
1.4.2-r1
1.4.3-r0
1.4.3-r1
1.4.4-r0
1.4.4-r1
1.4.4-r2
1.4.5-r0
1.4.6-r0
1.4.7-r0
1.6.0-r0
1.6.0-r1
1.6.0-r2
1.6.0-r3
1.6.1-r0
1.6.1-r1
1.6.2-r0
1.6.2-r1
1.6.2-r2
1.6.2-r3
1.6.3-r0
1.8.0-r0
1.8.0-r1
1.8.0-r2
1.8.0-r3
1.8.1-r0
1.8.1-r1
1.9.11-r0
1.9.14-r0
1.9.14-r1
1.10.0-r0
1.10.1-r0
1.10.1-r1
1.10.1-r2
1.10.1-r3
1.10.1-r4
1.10.1-r5
1.10.1-r6
1.10.1-r7
1.10.1-r8
1.10.1-r9
1.10.2-r0
1.10.2-r1
1.10.3-r0
1.10.3-r1
1.10.3-r2
1.10.3-r3
1.10.3-r4
1.10.3-r5
1.12.0-r0
1.12.0-r1
1.12.0-r2
1.12.1-r0
1.12.1-r1
1.12.1-r2
1.12.1-r3
1.12.2-r0
1.12.2-r1
1.12.2-r2
1.12.2-r3
1.12.2-r4
1.12.2-r5
1.12.2-r6
1.14.0-r0
1.14.0-r1
1.14.0-r2
1.14.1-r0
1.14.2-r0
1.14.2-r1
1.16.0-r0
1.16.0-r1
1.16.0-r2
1.16.0-r3
1.16.0-r4
1.16.1-r0
1.16.1-r1
1.16.1-r2
1.16.1-r3
1.16.1-r4
1.16.1-r5
1.16.1-r6
1.16.1-r7
1.16.1-r8
1.18.0-r0
1.18.0-r1
1.18.0-r2
1.18.0-r3
1.18.0-r4
1.18.0-r5
1.18.0-r6
1.18.0-r7
1.18.0-r8
1.18.0-r9
1.18.0-r10
1.18.0-r11
1.18.0-r12
1.18.0-r13
1.18.0-r14
1.18.0-r15
1.20.0-r0
1.20.1-r0
1.20.1-r1
1.20.1-r2
1.20.1-r3
1.20.1-r4
1.20.1-r5
1.20.1-r6
1.20.1-r7
1.20.1-r8
1.20.1-r9
1.20.1-r10
1.20.1-r11
1.20.1-r12
1.20.1-r13
1.20.2-r0
1.20.2-r1
1.20.2-r2
1.22.0-r0
1.22.0-r1
1.22.0-r2
1.22.0-r3
1.22.0-r4
1.22.0-r5
1.22.0-r6
1.22.0-r7
1.22.0-r8
1.22.1-r0
1.22.1-r1
1.22.1-r2
1.24.0-r0
1.24.0-r1
1.24.0-r2
1.24.0-r3
1.24.0-r4
1.24.0-r5
1.24.0-r6
1.24.0-r7
1.24.0-r8
1.24.0-r9
1.24.0-r10
1.24.0-r11
1.24.0-r12
1.24.0-r13
1.24.0-r14
1.24.0-r15
1.24.0-r16
1.24.0-r17
1.24.0-r18
1.24.0-r19
1.24.0-r20
1.26.0-r0
1.26.0-r1
1.26.0-r2
1.26.1-r0
1.26.1-r1
1.26.1-r2
1.26.1-r3
1.26.2-r0
1.26.2-r1
1.26.2-r2
1.26.2-r3
1.26.2-r4
1.26.3-r0
1.26.3-r1
1.26.3-r2
1.26.3-r3
1.26.3-r4
1.28.0-r0
1.28.0-r1
1.28.0-r2
1.28.0-r3
1.28.2-r0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2026-28755.json"

Alpine:v3.23 / nginx

Package

Name
nginx
Purl
pkg:apk/alpine/nginx?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.28.3-r0

Affected versions

0.*
0.8.53-r0
0.8.54-r0
0.8.54-r1
1.*
1.0.4-r0
1.0.4-r1
1.0.5-r0
1.0.11-r0
1.0.11-r1
1.0.14-r0
1.0.15-r0
1.2.2-r0
1.2.3-r0
1.2.4-r0
1.2.5-r0
1.2.6-r0
1.2.7-r0
1.2.8-r0
1.4.0-r0
1.4.0-r1
1.4.1-r0
1.4.2-r0
1.4.2-r1
1.4.3-r0
1.4.3-r1
1.4.4-r0
1.4.4-r1
1.4.4-r2
1.4.5-r0
1.4.6-r0
1.4.7-r0
1.6.0-r0
1.6.0-r1
1.6.0-r2
1.6.0-r3
1.6.1-r0
1.6.1-r1
1.6.2-r0
1.6.2-r1
1.6.2-r2
1.6.2-r3
1.6.3-r0
1.8.0-r0
1.8.0-r1
1.8.0-r2
1.8.0-r3
1.8.1-r0
1.8.1-r1
1.9.11-r0
1.9.14-r0
1.9.14-r1
1.10.0-r0
1.10.1-r0
1.10.1-r1
1.10.1-r2
1.10.1-r3
1.10.1-r4
1.10.1-r5
1.10.1-r6
1.10.1-r7
1.10.1-r8
1.10.1-r9
1.10.2-r0
1.10.2-r1
1.10.3-r0
1.10.3-r1
1.10.3-r2
1.10.3-r3
1.10.3-r4
1.10.3-r5
1.12.0-r0
1.12.0-r1
1.12.0-r2
1.12.1-r0
1.12.1-r1
1.12.1-r2
1.12.1-r3
1.12.2-r0
1.12.2-r1
1.12.2-r2
1.12.2-r3
1.12.2-r4
1.12.2-r5
1.12.2-r6
1.14.0-r0
1.14.0-r1
1.14.0-r2
1.14.1-r0
1.14.2-r0
1.14.2-r1
1.16.0-r0
1.16.0-r1
1.16.0-r2
1.16.0-r3
1.16.0-r4
1.16.1-r0
1.16.1-r1
1.16.1-r2
1.16.1-r3
1.16.1-r4
1.16.1-r5
1.16.1-r6
1.16.1-r7
1.16.1-r8
1.18.0-r0
1.18.0-r1
1.18.0-r2
1.18.0-r3
1.18.0-r4
1.18.0-r5
1.18.0-r6
1.18.0-r7
1.18.0-r8
1.18.0-r9
1.18.0-r10
1.18.0-r11
1.18.0-r12
1.18.0-r13
1.18.0-r14
1.18.0-r15
1.20.0-r0
1.20.1-r0
1.20.1-r1
1.20.1-r2
1.20.1-r3
1.20.1-r4
1.20.1-r5
1.20.1-r6
1.20.1-r7
1.20.1-r8
1.20.1-r9
1.20.1-r10
1.20.1-r11
1.20.1-r12
1.20.1-r13
1.20.2-r0
1.20.2-r1
1.20.2-r2
1.22.0-r0
1.22.0-r1
1.22.0-r2
1.22.0-r3
1.22.0-r4
1.22.0-r5
1.22.0-r6
1.22.0-r7
1.22.0-r8
1.22.1-r0
1.22.1-r1
1.22.1-r2
1.24.0-r0
1.24.0-r1
1.24.0-r2
1.24.0-r3
1.24.0-r4
1.24.0-r5
1.24.0-r6
1.24.0-r7
1.24.0-r8
1.24.0-r9
1.24.0-r10
1.24.0-r11
1.24.0-r12
1.24.0-r13
1.24.0-r14
1.24.0-r15
1.24.0-r16
1.24.0-r17
1.24.0-r18
1.24.0-r19
1.24.0-r20
1.26.0-r0
1.26.0-r1
1.26.0-r2
1.26.1-r0
1.26.1-r1
1.26.1-r2
1.26.1-r3
1.26.2-r0
1.26.2-r1
1.26.2-r2
1.26.2-r3
1.26.2-r4
1.26.3-r0
1.26.3-r1
1.26.3-r2
1.26.3-r3
1.26.3-r4
1.28.0-r0
1.28.0-r1
1.28.0-r2
1.28.0-r3
1.28.0-r4
1.28.0-r5
1.28.0-r6
1.28.0-r7
1.28.0-r8
1.28.2-r0
1.28.2-r1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2026-28755.json"