diff --git a/0057-fix-CVE-2026-28387.patch b/0057-fix-CVE-2026-28387.patch
new file mode 100644
index 0000000000000000000000000000000000000000..4a2777941734536f038d0b1ae54b65c0b6b42225
--- /dev/null
+++ b/0057-fix-CVE-2026-28387.patch
@@ -0,0 +1,33 @@
+From ec03fa050b3346997ed9c5fef3d0e16ad7db8177 Mon Sep 17 00:00:00 2001
+From: Alexandr Nedvedicky
+Date: Tue, 3 Mar 2026 13:23:46 +0100
+Subject: [PATCH] dane_match_cert() should X509_free() on ->mcert instead of
+ OPENSSL_free()
+
+Fixes: 170b735820ac "DANE support for X509_verify_cert()"
+
+Reviewed-by: Eugene Syromiatnikov
+Reviewed-by: Tomas Mraz
+Reviewed-by: Paul Dale
+Reviewed-by: Neil Horman
+MergeDate: Thu Mar 5 12:37:17 2026
+(Merged from https://github.com/openssl/openssl/pull/30250)
+
+(cherry picked from commit 8b5cd6a682f0f6e7b8bf55137137c567d1899c4a)
+---
+ crypto/x509/x509_vfy.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
+index d787f269a9d51..dd662a4be32e0 100644
+--- a/crypto/x509/x509_vfy.c
++++ b/crypto/x509/x509_vfy.c
+@@ -2814,7 +2814,7 @@ static int dane_match(X509_STORE_CTX *ctx, X509 *cert, int depth)
+ if (matched || dane->mdpth < 0) {
+ dane->mdpth = depth;
+ dane->mtlsa = t;
+- OPENSSL_free(dane->mcert);
++ X509_free(dane->mcert);
+ dane->mcert = cert;
+ X509_up_ref(cert);
+ }
diff --git a/openssl.spec b/openssl.spec
index dd062a46eb15e3fde1bf4ec5cf2475056fedb6e1..a4e6b79be26aaeac9ba0499bed8038f2c2c1172a 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -1,4 +1,4 @@
-%define anolis_release 21
+%define anolis_release 22
 %global soversion 3
 %define srpmhash() %{lua:
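Review bot: The context line `X509_up_ref(cert);` in the embedded x509_vfy.c hunk still discards its return value and runs after `dane->mcert = cert;`. If taking the reference fails, `dane->mcert` holds a pointer it does not own, and the now-correct `X509_free(dane->mcert)` on a later match or at cleanup would release a reference that belongs to another holder. Taking the reference before the old one is released closes that gap, for example `if (!X509_up_ref(cert)) { matched = -1; break; }` placed ahead of `X509_free(dane->mcert);`. The error path in that line is an assumption, because the loop and the return convention of dane_match() lie outside the hunk. As this file is a backport of an upstream commit, the check would more naturally go in as a follow-up patch than as an edit to this one.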
@@ -138,6 +138,8 @@ Patch00104: 00104-bugfix-for-CVE-2026-28390.patch
 # https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac
 Patch00105: 1012-fix-CVE-2026-31790.patch
+# https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177
+Patch00106: 0057-fix-CVE-2026-28387.patch
 BuildRequires: gcc git coreutils perl-interpreter sed zlib-devel /usr/bin/cmp
 BuildRequires: lksctp-tools-devel
@@ -342,6 +344,9 @@ rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/{openssl.cnf.dist,ct_log_list.cnf.di
 %doc NEWS.md README.md
 %changelog
+* Sat Apr 18 2026 yangjinlin01 - 1:3.0.12-22
+- Fix CVE-2026-28387
+
 * Tue Apr 14 2026 ali-inspur - 1:3.0.12-21
 - Fix CVE-2026-31790