Authentication Bypass Vulnerability in GnuTLS Affects Remote Access Security
CVE-2026-42010
7.1 HIGH
What is CVE-2026-42010?
A flaw in GnuTLS allows an authentication bypass because servers configured with RSA-PSK handle usernames improperly. A submitted username that contains a NUL character is incorrectly matched against truncated usernames, which a remote attacker can exploit. The result can be unauthorized access: the attacker circumvents the authentication process and gains privileges without valid credentials.
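An added illustration of the bug class described above, not GnuTLS code: a lookup that treats a length-delimited username as a C string, next to one that rejects embedded NULs and compares the full length. The user table, function names and sample input are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

#define MAX_USER 64

/* Constructed credential table; all names here are hypothetical. */
static const char *const users[] = { "alice", "bob" };
#define N_USERS (sizeof users / sizeof users[0])

/* Constructed wire username: 7 bytes with an embedded NUL. */
static const unsigned char sample_nul[] = { 'a','l','i','c','e','\0','x' };

/* Weak: copies the length-delimited name into a C string, so strcmp()
 * stops at the first NUL and "alice\0x" compares equal to "alice". */
int lookup_cstring(const unsigned char *name, size_t len)
{
    char buf[MAX_USER + 1];
    if (len == 0 || len > MAX_USER)
        return -1;
    memcpy(buf, name, len);
    buf[len] = '\0';
    for (size_t i = 0; i < N_USERS; i++)
        if (strcmp(buf, users[i]) == 0)
            return (int)i;
    return -1;
}

/* Hardened: rejects embedded NULs and compares every byte of the name. */
int lookup_exact(const unsigned char *name, size_t len)
{
    if (len == 0 || len > MAX_USER || memchr(name, '\0', len) != NULL)
        return -1;
    for (size_t i = 0; i < N_USERS; i++)
        if (strlen(users[i]) == len && memcmp(name, users[i], len) == 0)
            return (int)i;
    return -1;
}

int main(void)
{
    printf("cstring lookup: %d\n", lookup_cstring(sample_nul, sizeof sample_nul));
    printf("exact lookup:   %d\n", lookup_exact(sample_nul, sizeof sample_nul));
    return 0;
}
```

The weak lookup returns index 0 for the NUL-bearing name while the hardened one returns -1, which is the property a regression test for this class of bug should assert.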
CVSS V3.1
Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Red Hat would like to thank Joshua Rogers (AISLE Research Team) for reporting this issue.