CVE-2026-42009

⚠️ high

Summary

A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.

CVSS Score

7.5

High

EPSS Score

0.7

Exploit Probability

Published Date

2026-05-18

First Seen: 2026-05-19

📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 69.0% of all 326,604 vulnerabilities in our database.

#101,315

Above average severity

Severity Percentile

🎯 CISA SSVC Assessment Updated: May 18, 2026

🔍 Exploitation Status

None

No known exploits

⚙️ Automatable

YES

Can be exploited automatically

💥 Technical Impact

Partial

Limited system impact

🏆 Discovered By

Red Hat would like to thank Joshua Rogers (AISLE Research Team) for reporting this issue.

SSVC data provided by CISA

Last Modified 2026-06-08

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE IDs (Weakness Types)

CWE-475

📦 Affected Products 33

Vendor	Product	Status	Affected Versions
gnu	gnutls	Affected	v-
redhat	enterprise_linux	Affected	v10.0
redhat	enterprise_linux	Affected	v10.2
redhat	enterprise_linux	Affected	v6.0
redhat	enterprise_linux	Affected	v7.0
redhat	enterprise_linux	Affected	v8.0
redhat	enterprise_linux	Affected	v9.0
redhat	enterprise_linux	Affected	v9.8
redhat	enterprise_linux_for_power_little_endian	Affected	v10.0
redhat	enterprise_linux_for_power_little_endian	Affected	v10.2
redhat	enterprise_linux_for_power_little_endian	Affected	v8.0_ppc64le
redhat	enterprise_linux_for_power_little_endian	Affected	v9.0_ppc64le
redhat	enterprise_linux_for_ibm_z_systems	Affected	v10.2
redhat	enterprise_linux_for_ibm_z_systems	Affected	v8.0_s390x
redhat	enterprise_linux_for_ibm_z_systems	Affected	v9.0_s390x
redhat	enterprise_linux_for_power_little_endian_eus	Affected	v10.2
redhat	enterprise_linux_for_power_little_endian_eus	Affected	v9.8
redhat	enterprise_linux_for_ibm_z_systems_eus	Affected	v10.2
redhat	enterprise_linux_for_ibm_z_systems_eus	Affected	v9.8
redhat	openshift_container_platform	Affected	v4.0
redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	Affected	v9.8
redhat	enterprise_linux_for_els	Affected	v10.2
redhat	enterprise_linux_for_els	Affected	v8.10
redhat	enterprise_linux_for_els	Affected	v9.8
redhat	enterprise_linux_for_ibm_z_systems_els	Affected	v10.2
redhat	enterprise_linux_for_ibm_z_systems_els	Affected	v8.10
redhat	enterprise_linux_for_ibm_z_systems_els	Affected	v9.8
redhat	enterprise_linux_for_power_little_endian_els	Affected	v10.2
redhat	enterprise_linux_for_power_little_endian_els	Affected	v8.10
redhat	enterprise_linux_for_power_little_endian_els	Affected	v9.8
redhat	enterprise_linux_for_eus	Affected	v10.2
redhat	enterprise_linux_for_eus	Affected	v9.8
redhat	enterprise_linux_for_update_services_for_sap_solutions	Affected	v9.8

🔗 References 6

https://access.redhat.com/errata/RHSA-2026:13274

Third Party Advisory

https://access.redhat.com/errata/RHSA-2026:20611

Third Party Advisory

https://access.redhat.com/errata/RHSA-2026:20612

Third Party Advisory

https://access.redhat.com/errata/RHSA-2026:20613

Third Party Advisory

https://access.redhat.com/security/cve/CVE-2026-42009

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2467279

Issue Tracking Third Party Advisory

🔗 Related CVEs 6

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-50256	⚠️ high	7.8	0.0	A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the...	2026-06-05
CVE-2026-50257	⚠️ high	7.8	0.0	A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence(). A client that sets up multip...	2026-06-05
CVE-2026-50258	⚠️ high	7.8	0.0	A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has multiple stack buffers...	2026-06-05
CVE-2026-50259	⚠️ high	7.8	0.0	A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. _XkbSetMapChecks() declares a fixed-siz...	2026-06-05
CVE-2026-1784	⚠️ high	8.8	0.0	The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found...	2026-06-02
CVE-2026-10533	🔶 medium	5.0	0.1	A flaw was found in OpenShift Container Platform. Completed pods with restartPolicy: Never do not count toward ResourceQ...	2026-06-01

These CVEs affect the same products