QSearchQSearch

CVE-2026-42010

7.1 HIGH

A flaw was found in gnutls

Published: 2026-05-07 · Last updated: 2026-06-10

Severity and scoring

CVSS
7.1 HIGH
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
CWE
CWE-170, CWE-626

Affected products

VendorProduct
gnuenterprise_linux, gnutls, hardened_images
redhatenterprise_linux, gnutls, hardened_images

Description

A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-50263 A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow() (5.5 MEDIUM)
  • CVE-2026-50260 A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter() (7.8 HIGH)
  • CVE-2026-50259 A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland (7.8 HIGH)
  • CVE-2026-50258 A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland (7.8 HIGH)
  • CVE-2026-50257 A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence() (7.8 HIGH)

Same CWE

  • CVE-2026-5067 A remote, unauthenticated attacker can trigger memory corruption in Zephyr's HTTP server WebSocket upgrade path by sending a crafted Sec-... (9.8 CRITICAL)
  • CVE-2026-8721 Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs (9.8 CRITICAL)
  • CVE-2026-42579 Netty is an asynchronous, event-driven network application framework (7.5 HIGH)