CVE-2024-26628 - What Happened With This Withdrawn Vulnerability?

CVE-2024-26628 is an identifier that might have shown up in security advisories or software vulnerability scans—but there’s a twist: This CVE was officially marked as “REJECTED,” meaning there is no longer a valid vulnerability associated with this number. In this post, we’ll unpack the story around this CVE, talk about why some vulnerabilities get withdrawn, and help you avoid confusion when you come across one.

What is CVE-2024-26628?

CVE, or Common Vulnerabilities and Exposures, is an international system for uniquely identifying cybersecurity vulnerabilities. When an issue is found, it's often assigned a number, like CVE-2024-26628, but not all CVEs live on forever. Sometimes, as with this one, they’re withdrawn or marked as "REJECTED."

The official MITRE CVE page for 2024-26628 displays this message:

> REJECTED
> This candidate has been withdrawn by its CVE Numbering Authority (CNA). Further details about the reason for withdrawal are not available.

Requested By Reporter: Sometimes a researcher or project requests withdrawal.

- Administrative Error: A typo or miscommunication led to the creation of a duplicate or erroneous CVE.

These retractions are part of making the CVE process trustworthy and accurate for everyone. When a CVE is marked REJECTED, it means you don’t need to worry about patching or mitigating anything under that entry.

What If I See CVE-2024-26628 in a Report or Exploit Database?

If a scanner or advisory still references CVE-2024-26628, it may be outdated. There are no valid vulnerabilities, proofs-of-concept, or exploits for this CVE. Here’s a quick example you might see in the wild:

[2024-04-01] High risk detected: CVE-2024-26628…

If your tools flag this CVE, you can safely ignore the finding. It’s not actionable.

No Exploit, No Affected Products

Unlike typical vulnerability write-ups, there is no exploit code, no proof-of-concept, and no affected software or systems for CVE-2024-26628. This isn’t an omission—that’s the whole story.

# Example: Always check the official MITRE CVE page
import requests

def check_cve_status(cve_id):
    url = f"https://cveawg.mitre.org/api/cve/{cve_id}";
    resp = requests.get(url)
    if 'REJECTED' in resp.text:
        print(f"{cve_id} is REJECTED. No action needed.")
    else:
        print(f"{cve_id} might be real! Investigate further.")

check_cve_status("CVE-2024-26628")

*Note: Example uses a hypothetical API and is for demonstration purposes. Always check the official MITRE CVE database directly.*

If you’re ever in doubt about the status of a CVE

- Check the official CVE site
- NIST NVD listing for CVE-2024-26628 *(will also show a rejected/withdrawn status if present)*
- CVE Details

If something is marked as “REJECTED,” it’s essentially a dead end. Focus your time on valid, confirmed vulnerabilities.

Summary

CVE-2024-26628 is officially REJECTED. No vulnerability exists for this identifier. If you see it in advisories or scans, you can safely disregard it. Always check official sources before acting on a vulnerability report.

Stay safe, and don’t let ghost CVEs waste your time!


*For more security insights and exclusive breakdowns, follow this blog or bookmark cve.mitre.org.*

Timeline

Published on: 03/06/2024 07:15:13 UTC
Last modified on: 03/20/2024 17:15:07 UTC