9.8

CVE-2026-42010

Medienbericht

Gnutls: gnutls: authentication bypass via nul character in username

A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuGnutls Version-
RedhatHardened Images Version-
RedhatEnterprise Linux Version6.0
RedhatEnterprise Linux Version7.0
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
RedhatEnterprise Linux Version10.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.05% 0.6
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
secalert@redhat.com 7.1 2.8 4.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 7.1 2.8 4.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
CWE-170 Improper Null Termination

The product does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator.

CWE-626 Null Byte Interaction Error (Poison Null Byte)

The product does not properly handle null bytes or NUL characters when passing data between different representations or components.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
18.05.2026 17:45
https://bugzilla.redhat.com/show_bug.cgi?id=2467289
Vendor Advisory
Issue Tracking
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42010.json
https://access.redhat.com/errata/RHSA-2026:36004
https://access.redhat.com/errata/RHSA-2026:36005
https://access.redhat.com/errata/RHSA-2026:36006
https://access.redhat.com/errata/RHSA-2026:13274
https://access.redhat.com/errata/RHSA-2026:20611
https://access.redhat.com/errata/RHSA-2026:20612
https://access.redhat.com/errata/RHSA-2026:20613
https://access.redhat.com/errata/RHSA-2026:26319
https://access.redhat.com/errata/RHSA-2026:26409
https://access.redhat.com/errata/RHSA-2026:29197
https://access.redhat.com/errata/RHSA-2026:30004
https://access.redhat.com/errata/RHSA-2026:30849
https://access.redhat.com/errata/RHSA-2026:30850
https://access.redhat.com/errata/RHSA-2026:32962
https://access.redhat.com/errata/RHSA-2026:33125
https://access.redhat.com/errata/RHSA-2026:34790
https://access.redhat.com/security/cve/CVE-2026-42010
Vendor Advisory
https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-4
https://access.redhat.com/errata/RHSA-2026:34764
https://access.redhat.com/errata/RHSA-2026:34788