COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-42010

CVE-2026-42010

Severity
high
Source
NVD · cve
Published
2026-05-07
CVSS
7.1
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-42010
shame 25/100

A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authe

Players implicated

gnu · vendorredhat · vendorenterprise linux · productgnutls · producthardened images · productopenshift container platform · product

Description

A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.