CVE-2026-42010

⚠️ high

Summary

A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.

CVSS Score

7.1

High

EPSS Score

0.2

Exploit Probability

Published Date

2026-05-07

First Seen: 2026-05-10

📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 53.4% of all 322,079 vulnerabilities in our database.

#150,069

Above average severity

Severity Percentile

🎯 CISA SSVC Assessment Updated: May 7, 2026

🔍 Exploitation Status

None

No known exploits

⚙️ Automatable

Requires human interaction

💥 Technical Impact

Partial

Limited system impact

🏆 Discovered By

Red Hat would like to thank Joshua Rogers (AISLE Research Team) for reporting this issue.

SSVC data provided by CISA

Last Modified 2026-05-14

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CWE IDs (Weakness Types)

CWE-626

📦 Affected Products 7

Vendor	Product	Status	Affected Versions
gnu	gnutls	Affected	v-
redhat	enterprise_linux	Affected	v10.0
redhat	enterprise_linux	Affected	v6.0
redhat	enterprise_linux	Affected	v7.0
redhat	enterprise_linux	Affected	v8.0
redhat	enterprise_linux	Affected	v9.0
redhat	openshift_container_platform	Affected	v4.0

🔗 References 3

https://access.redhat.com/errata/RHSA-2026:13274

https://access.redhat.com/security/cve/CVE-2026-42010

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2467289

Issue Tracking Vendor Advisory

🔗 Related CVEs 6

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-34000	🔶 medium	6.1	0.0	A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifical...	2026-05-05
CVE-2026-34002	🔶 medium	6.1	0.0	A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension...	2026-05-05
CVE-2026-33845	⚠️ high	7.5	0.0	A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an i...	2026-04-30
CVE-2026-3832	ℹ️ low	3.7	0.0	A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online ...	2026-04-30
CVE-2026-3833	🔶 medium	6.5	0.1	A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstra...	2026-04-30
CVE-2026-7309	🔶 medium	4.3	0.0	A flaw was found in the OpenShift Container Platform build system. A user with the `edit` ClusterRole can inject arbitra...	2026-04-28

These CVEs affect the same products