CVE-2026-28387: Azure DANE Client Use-After-Free Flaw
🟠 High | Source: Microsoft Security Response Center CVE-2026-28387 is a use-after-free vulnerability identified in DANE (DNS-based Authentication of Named Entities) client code, which could allow an attacker to execute arbitrary code or cause a crash by exploiting improper memory management. DANE is used to validate TLS certificates via DNSSEC, meaning this flaw sits within a trust and authentication mechanism. If exploited, the impact could range from denial of service to remote code execution depending on the context in which the vulnerable code runs. ...