CVE-2026-42010

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions gnutls versions prior to 3.8.13-1.1

Description Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) incorrectly match usernames containing a NUL character with truncated usernames. A remote attacker can exploit this by sending a specially crafted username to bypass the authentication process and gain unauthorized access.

Recommendations Update to version 3.8.13-1.1.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-626

Related Identifiers

ALSA-2026:20611

CVE-2026-42010

ECHO-8172-5400-EF47

OESA-2026-2333

OESA-2026-2334

OESA-2026-2335

OESA-2026-2403

OESA-2026-2404

OPENSUSE-SU-2026:10691-1

RHSA-2026:13274

USN-8284-1

Affected Products

Linuxmint

Ubuntu

Gnutls

CVE-2026-42010

Weakness Enumeration

Related Identifiers

Affected Products

References · 86