Vulnerability in Datagram Transport Layer Security Implemented in GnuTLS
CVE-2026-42009
7.5 HIGH
What is CVE-2026-42009?
A vulnerability exists in the Datagram Transport Layer Security (DTLS) implementation in GnuTLS where the packet reordering logic is flawed. This issue arises in the comparator function responsible for sequencing DTLS packets, specifically when handling packets with duplicate sequence numbers. As a result, attackers may exploit this vulnerability to induce unstable packet ordering or undefined behavior, which could lead to a denial of service. Ensuring timely updates and patches is critical to mitigate risks associated with this security flaw.
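The defect class described above, shown as an added example that is not GnuTLS source code: a sort comparator that never returns 0 for equal keys, beside a consistent one, with a checker that counts contract violations. The `hs_msg` type, the function names, the sample data and the use of a `qsort()`-style comparator signature are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed record type for illustration; not a GnuTLS structure. */
struct hs_msg { uint16_t seq; };

/* Flawed (hypothetical): never returns 0, so two messages with the same
 * sequence number each report that they sort after the other. */
static int cmp_flawed(const void *a, const void *b)
{
    const struct hs_msg *x = a, *y = b;
    return (x->seq < y->seq) ? -1 : 1;
}

/* Consistent: three-way result, 0 for duplicate sequence numbers. */
static int cmp_fixed(const void *a, const void *b)
{
    const struct hs_msg *x = a, *y = b;
    return (x->seq > y->seq) - (x->seq < y->seq);
}

static int sign(int v) { return (v > 0) - (v < 0); }

/* Count violations of two rules a qsort()-style comparator must obey:
 * cmp(a, a) == 0, and sign(cmp(a, b)) == -sign(cmp(b, a)). */
static int count_violations(int (*cmp)(const void *, const void *),
                            const struct hs_msg *v, size_t n)
{
    int bad = 0;
    for (size_t i = 0; i < n; i++) {
        if (cmp(&v[i], &v[i]) != 0)
            bad++;
        for (size_t j = i + 1; j < n; j++)
            if (sign(cmp(&v[i], &v[j])) != -sign(cmp(&v[j], &v[i])))
                bad++;
    }
    return bad;
}

/* Constructed sample: sequence number 2 appears twice. */
static const struct hs_msg sample[] = { {3}, {2}, {1}, {2} };

int violations_flawed(void) { return count_violations(cmp_flawed, sample, 4); }
int violations_fixed(void)  { return count_violations(cmp_fixed, sample, 4); }

int main(void)
{
    printf("flawed: %d, fixed: %d\n", violations_flawed(), violations_fixed());
    return 0;
}
```

A checker of this kind fits in a unit test for any comparator handed to a sort routine, with duplicate keys included in the test data.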
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Red Hat would like to thank Joshua Rogers (AISLE Research Team) for reporting this issue.