HIGHCVE-2026-42010Published Modified CNA redhat
CVE-2026-42010: Gnutls: gnutls: authentication bypass via nul character in username
A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.
Metrics
- CVSS v3.1
- 7.1
- Severity
- HIGH
- Fixed in
- 0:3.6.16-8.el8_10.6
- Affected Products
- 8
Fix available
0:3.6.16-8.el8_10.63.8.13-1.hum1
Affected packages
- Red Hat / Red Hat Enterprise Linux 8Fixed in 0:3.6.16-8.el8_10.6
- Red Hat / Red Hat Enterprise Linux 8Fixed in 0:3.6.16-8.el8_10.6
- Red Hat / Red Hat Hardened ImagesFixed in 3.8.13-1.hum1
- Red Hat / Red Hat Enterprise Linux 10
- Red Hat / Red Hat Enterprise Linux 6
- Red Hat / Red Hat Enterprise Linux 7
- Red Hat / Red Hat Enterprise Linux 9
- Red Hat / Red Hat OpenShift Container Platform 4
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N