CVE-2026-42010

High

Published: 07 May 2026

Published

07 May 2026

Modified

07 May 2026

KEV Added

—

Patch

—

CVSS Score 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

EPSS Score 0.0015 35.2th percentile

Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Description

A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication…

bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.

Security SummaryAI

Automated synthesis unavailable for this CVE.

Details

CWE(s): CWE-626

References

https://access.redhat.com/security/cve/CVE-2026-42010
secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2467289
secalert@redhat.com