OpenSSL CVE-2022-3786 and CVE-2022-3602 impact

Based upon previous posts WinSCP uses OpenSSL for FTP over TLS.
Issue 1151 – OpenSSL vulnerability CVE-2014-0160

Is there any confirmation that OpenSSL versions(3.0.0 – 3.0.6) are not bundled into the current versions? If so, is there an update planned with version 3.0.7?

Inspecting the Download Source and WinSCP history link, I noted since v5.21.2(2022-08-08) the OpenSSL version was set to 1.1.1q.
libs\openssl\include\openssl\opensslv.h
OpenSSL 1.1.1q 5 Jul 2022

Yes, the current version of WinSCP is based on OpenSSL 1.1.1. No version of WinSCP ever used OpenSSL 3.0.

So, no version of WinSCP is vulnerable to CVE-2022-3786 or CVE-2022-3602.