CVE-2026-42009

High

Published: 18 May 2026

Published

18 May 2026

Modified

18 May 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score 0.0012 30.9th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-42009 is a high-severity Undefined Behavior for Input to API (CWE-475) vulnerability. Its CVSS base score is 7.5 (High).

Operationally, ranked at the 30.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

NVD Description

A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with…

duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s): CWE-475

References

https://access.redhat.com/security/cve/CVE-2026-42009
secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2467279
secalert@redhat.com