CVE-2022-3786, CVE-2022-3602: OpenSSL High Severity...

CVE-2022-3786, CVE-2022-3602: OpenSSL High Severity Vulnerabilities

Update 11/2: A link to an additional knowledge base article has been added to this community post.

On November 1, OpenSSL published patches for OpenSSL versions 3.0.0 through 3.0.6 to address two high-severity vulnerabilities.

CVE-2022-3786
CVE-2022-3602

Originally, OpenSSL stated that one of these two flaws was rated critical. However, during its prenotification process, it determined that exploitation was mitigated in certain implementations, and it revised its original severity down to high.

Update: On November 2, we published a knowledge base article, Official Tenable information regarding CVE-2022-3786 & CVE-2022-3602 in OpenSSL. Please refer to this article for official information about any impact to Tenable products.

For more information about these vulnerabilities, including the availability of patches and Tenable product coverage, please visit our blog.

Cyber Exposure Alerts

Vulnerability Watch

Forum Discussion

CVE-2022-3786, CVE-2022-3602: OpenSSL High Severity...

Recent Discussions

Frequently Asked Questions About Notepad++ Supply Chain Compromise

Ivanti Endpoint Manager Mobile Zero-Days Exploited (CVE-2026-1281, CVE-2026-1340)

Oracle January 2026 Critical Patch Update Addresses 158 CVEs

CVE-2025-64155: Exploit Code Released for Critical Fortinet FortiSIEM Vulnerability

Microsoft’s January 2026 Patch Tuesday Addresses 113 CVEs (CVE-2026-20805)

Americas

Europe

Asia / Australia