CVE-2026-5419
3.7 LOW
A flaw was found in gnutls
Published: 2026-06-01 · Last updated: 2026-06-02
Severity and scoring
- CVSS: 3.7 LOW
- Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
- CWE: CWE-208
Description
A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of information disclosure.
Source: NVD
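To make the class of bug in the description concrete, the added example below (written for this page, not taken from gnutls) puts an early-exit PKCS#7 padding check beside a constant-time one. The function names, the signatures and the sample buffer are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Early-exit check: the loop stops at the first wrong byte, so run time
 * depends on how many trailing bytes are valid padding (CWE-208). */
int pkcs7_unpad_leaky(const uint8_t *buf, size_t len, size_t block, size_t *out_len)
{
    if (len == 0 || block == 0 || len % block != 0) return -1;
    uint8_t pad = buf[len - 1];
    if (pad == 0 || pad > block) return -1;
    for (size_t i = 0; i < pad; i++)
        if (buf[len - 1 - i] != pad) return -1;
    *out_len = len - pad;
    return 0;
}

/* Constant-time check: always scans the whole final block and folds every
 * comparison into one accumulator; no branch or index depends on secrets. */
int pkcs7_unpad_ct(const uint8_t *buf, size_t len, size_t block, size_t *out_len)
{
    /* len and block are public values, so branching on them is fine */
    if (len == 0 || block == 0 || block > 255 || len % block != 0) return -1;
    uint32_t pad = buf[len - 1];
    /* bad is non-zero when pad == 0 or pad > block */
    uint32_t bad = ((pad - 1) >> 31) | (((uint32_t)block - pad) >> 31);
    for (size_t i = 0; i < block; i++) {
        uint32_t b = buf[len - 1 - i];
        /* mask is all ones while i < pad: this byte must equal pad */
        uint32_t mask = 0u - (((uint32_t)i - pad) >> 31);
        bad |= (b ^ pad) & mask;
    }
    /* collapse to 0 or 1 without branching on the accumulator */
    uint32_t fail = (bad | (0u - bad)) >> 31;
    *out_len = len - (pad & (fail - 1));   /* len unchanged on failure */
    return -(int)fail;
}

int main(void)
{
    /* constructed sample: 13 data bytes followed by 03 03 03 */
    uint8_t msg[16] = {'s','a','m','p','l','e',' ','p','l','a','i','n','.',3,3,3};
    size_t n = 0;
    int rc = pkcs7_unpad_ct(msg, sizeof msg, 16, &n);
    printf("rc=%d plaintext_len=%zu\n", rc, n);
    return 0;
}
```

The caller also has to treat a padding failure and any later integrity failure identically, and it is worth inspecting the compiled output, since an optimizer can reintroduce data-dependent branches.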
References
Related CVEs
Same CWE
- CVE-2026-48011 — Shopware is an open commerce platform (3.7 LOW)
- CVE-2026-48859 — Observable Timing Discrepancy vulnerability in Erlang/OTP ssh (ssh_auth, ssh_options modules) allows unauthenticated remote username enum...
- CVE-2026-45410 — TREK is a collaborative travel planner (5.3 MEDIUM)
- CVE-2026-5091 — Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks
- CVE-2026-44061 — Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a timing side channel, which allows a remote attacker to recover authen... (5.9 MEDIUM)