Zero Day Monitor (ZDM)
7.1
CVE-2026-42010
red hat · red hat enterprise linux

Gnutls: gnutls: authentication bypass via nul character in username

Description

A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.

Affected Products

Vendor | Product | Versions
red hat | red hat enterprise linux | —

References

  • https://access.redhat.com/security/cve/CVE-2026-42010 (vdb-entry, x_refsource_REDHAT)
  • https://bugzilla.redhat.com/show_bug.cgi?id=2467289 (issue-tracking, x_refsource_REDHAT)

Related News (2 articles)

Tier C · VulDB · 4d ago
CVE-2026-42010 | GnuTLS RSA-PSK improper authorization
→ No new info (linked only)
Tier C · oss-security · 11d ago
gnutls 3.8.13 released with 12 CVE fixes and more
→ No new info (linked only)
CVSS 3.1: 7.1 NONE
CISA KEV: ❌ No
Actively exploited: ❌ No
Published: May 7, 2026
Last enriched: 4d ago (v2)
Trending Score: 18
Source articles: 2
Independent: 2
Info Completeness: 5/14
Missing: versions, cvss, epss, cwe, kev, exploit, patch, iocs, mitre_attack

Related CVEs (5)

NONE · CVE-2026-4424
Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing
Trending: 38
NONE · CVE-2026-33845
Gnutls: gnutls: denial of service via dtls zero-length fragment
Trending: 26
HIGH · CVE-2026-4802
Cockpit: cockpit: arbitrary command execution via crafted links in system logs ui
Trending: 26
NONE · CVE-2026-3832
Gnutls: gnutls: security bypass allows acceptance of revoked server certificates via crafted ocsp response
Trending: 25
PRE-CVE
Multiple vulnerabilities in Red Hat Linux kernel
Trending: 20

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
May 7, 2026
Discovered by ZDM
May 7, 2026
Updated: description, severity
May 7, 2026

Version History

v2
Last enriched 4d ago
v2 · Tier C · 4d ago

Updated severity to CRITICAL, corrected exploit availability to false, and provided a new description with additional details.

description, severity
via VulDB
v1 · 4d ago

Initial creation