Denial of Service Vulnerability in glib-networking by Red Hat
CVE-2026-10028

4.3 MEDIUM

What is CVE-2026-10028?

A vulnerability exists in glib-networking that enables a remote attacker to exploit an application's certificate verification process when it uses the GnuTLS backend. By providing a specially crafted certificate chain that includes circular issuer relationships, an attacker can trigger an infinite loop during verification. This results in unbounded resource consumption, ultimately leading to a denial of service for the affected application, preventing normal operations.
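The failure mode described above, shown from the defensive side: an added example, not code from glib-networking or GnuTLS, of an issuer walk that stops on a repeated certificate or an over-long path. The struct, the name-only issuer matching, the depth limit and the sample pools are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for a parsed certificate; real code compares DER names and keys. */
struct cert { const char *subject; const char *issuer; };
enum chain_result { CHAIN_OK, CHAIN_INCOMPLETE, CHAIN_CYCLE, CHAIN_TOO_LONG };
#define MAX_CHAIN_DEPTH 16 /* assumed policy limit, not a glib-networking value */

/* Constructed samples: a normal chain, and one whose two CAs name each other as issuer. */
static const struct cert good_pool[] = {
    {"leaf.example", "Intermediate CA"}, {"Intermediate CA", "Root CA"},
    {"Root CA", "Root CA"} };
static const struct cert circular_pool[] = {
    {"leaf.example", "CA A"}, {"CA A", "CA B"}, {"CA B", "CA A"} };

static const struct cert *find_by_subject(const struct cert *pool, size_t n,
                                          const char *name)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(pool[i].subject, name) == 0)
            return &pool[i];
    return NULL;
}

/* Follow issuer links from leaf to a self-signed root; *depth_out = certs accepted. */
enum chain_result build_chain(const struct cert *pool, size_t n,
                              const struct cert *leaf, size_t *depth_out)
{
    const struct cert *path[MAX_CHAIN_DEPTH];
    const struct cert *cur = leaf;
    enum chain_result r = CHAIN_OK;
    size_t depth = 0, i;

    while (cur != NULL) {
        for (i = 0; i < depth && path[i] != cur; i++)
            ;                                   /* is cur already on the path? */
        if (i < depth) { r = CHAIN_CYCLE; break; }
        if (depth == MAX_CHAIN_DEPTH) { r = CHAIN_TOO_LONG; break; }
        path[depth++] = cur;
        if (strcmp(cur->subject, cur->issuer) == 0)
            break;                              /* self-signed root reached */
        cur = find_by_subject(pool, n, cur->issuer);
    }
    if (cur == NULL)
        r = CHAIN_INCOMPLETE;                   /* issuer not in the supplied set */
    *depth_out = depth;
    return r;
}

int main(void) { size_t d; printf("%d\n", build_chain(circular_pool, 3, circular_pool, &d)); return 0; }
```

Without the visited-path check and the depth limit, the walk over circular_pool would alternate between the two CA entries and never terminate.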

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
