CVE-2026-2673: Algorithm Downgrade in OpenSSL

Severity: 7.5 HIGH (NVD)
EPSS: 0.0% (top 85.07%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Mar 13
Latest update: Apr 9

Description

Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword.

Impact summary: A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicted keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client ch

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

CVEListV5: openssl/openssl 3.6.0 3.6.2 (+1)
Alpine: openssl/openssl < 3.5.6-r0 (+1)
Debian: openssl/openssl < 3.5.5-1~deb13u2

🔴 Vulnerability Details (4)

OSV: CVE-2026-2673: Issue summary: An OpenSSL TLS 1 (2026-03-13)
GHSA: GHSA-wj64-gh9j-xm82: Issue summary: An OpenSSL TLS 1 (2026-03-13)
OSV: CVE-2026-2673: Issue summary: An OpenSSL TLS 1 (2026-03-13)
CVEList: OpenSSL TLS 1.3 server may choose unexpected key agreement group (2026-03-13)

📋 Vendor Advisories (5)

Ubuntu: OpenSSL vulnerabilities (2026-04-09)
Ubuntu: OpenSSL vulnerabilities (2026-04-08)
Red Hat: openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group (2026-03-13)
Microsoft: OpenSSL TLS 1.3 server may choose unexpected key agreement group (2026-03-10)
Debian: CVE-2026-2673: openssl - Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected pref... 2026

🕵️ Threat Intelligence (12)

Wiz: CVE-2025-15469 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz: CVE-2026-2673 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz: CVE-2025-69421 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz: CVE-2026-22796 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz: CVE-2025-15468 Impact, Exploitability, and Mitigation Steps | Wiz

💬 Community (1)

Bugzilla: CVE-2026-2673 openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group (2026-03-13)