CVE-2026-42009
Published: 18 May 2026
Summary
CVE-2026-42009 is a high-severity Undefined Behavior for Input to API (CWE-475) vulnerability in Red Hat Enterprise Linux. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks in the top 48.9% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-30769
Vulnerability details
A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.
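The comparator contract behind this class of bug, as an added example that is not gnutls code: the record type, the sample data and both comparators are hypothetical, and the flawed one is an assumed instance of a comparator that never reports equality for duplicate sequence numbers. The checker counts pairs for which a comparator breaks the consistency that qsort requires, which is the condition under which the C standard leaves the sort's behavior undefined.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical record type for illustration; not the gnutls structure. */
struct dtls_rec { uint64_t seq; int arrival; };

/* Constructed sample: sequence numbers 5 and 3 each arrive twice. */
static const struct dtls_rec sample[] = {{5, 0}, {3, 1}, {5, 2}, {7, 3}, {3, 4}};
#define SAMPLE_N (sizeof sample / sizeof sample[0])

/* Flawed pattern (assumed): never returns 0, so two records with the
 * same sequence number each compare "greater" than the other. */
static int cmp_flawed(const void *a, const void *b) {
    const struct dtls_rec *x = a, *y = b;
    return x->seq < y->seq ? -1 : 1;
}

/* Corrected pattern: three-way compare that returns 0 for equal keys. */
static int cmp_fixed(const void *a, const void *b) {
    const struct dtls_rec *x = a, *y = b;
    return (x->seq > y->seq) - (x->seq < y->seq);
}

static int sign(int v) { return (v > 0) - (v < 0); }

/* Counts pairs (including a record against itself) where the comparator
 * is inconsistent: sign(cmp(a,b)) must equal -sign(cmp(b,a)). */
static size_t contract_violations(const struct dtls_rec *r, size_t n,
                                  int (*cmp)(const void *, const void *)) {
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        for (size_t j = i; j < n; j++)
            if (sign(cmp(&r[i], &r[j])) != -sign(cmp(&r[j], &r[i])))
                bad++;
    return bad;
}

int main(void) {
    printf("flawed comparator violations: %zu\n",
           contract_violations(sample, SAMPLE_N, cmp_flawed));
    printf("fixed comparator violations:  %zu\n",
           contract_violations(sample, SAMPLE_N, cmp_fixed));
    return 0;
}
```

A pairwise check like this fits in a unit test for any comparator handed to qsort, provided the test data includes duplicate keys.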
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
DTLS comparator flaw directly enables remote DoS via application exploitation (T1499.004).
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.