Cyber Resilience

CVE-2026-42009

Severity: High (Updated)

Published: 18 May 2026
Modified: 08 June 2026
KEV Added: not listed
CVSS Score (v3.1): 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0078 (51.1st percentile)
Risk Priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-42009 is a high-severity Undefined Behavior for Input to API (CWE-475) vulnerability in Red Hat Enterprise Linux. Its CVSS v3.1 base score is 7.5 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks in the top 48.9% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.
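The comparator pattern described above, as an added example in C that is not gnutls code and is not taken from this advisory: a qsort-style comparator that never returns 0 for records with duplicate sequence numbers, beside a corrected one, plus a property check (reflexivity and antisymmetry over a constructed sample containing duplicates) that flags the defective version before it is ever handed to qsort(). The record struct, the field widths, the sample values and every function name are assumptions made for illustration; the actual gnutls code path is not shown on this page.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a DTLS record header: the two fields that define
 * record order. Real DTLS uses a 16-bit epoch and a 48-bit sequence number;
 * a wider type is used here for simplicity. Assumption, not gnutls's struct. */
typedef struct {
    uint16_t epoch;
    uint64_t seq;
} dtls_record_t;

/* Defect pattern (CWE-475): the comparator never returns 0, so two records with
 * the same epoch and sequence number compare as "greater" in both directions.
 * qsort() requires a consistent total order; handing it this comparator is
 * undefined behaviour, which is why it is never passed to qsort() below. */
int cmp_inconsistent(const void *pa, const void *pb) {
    const dtls_record_t *a = pa, *b = pb;
    if (a->epoch != b->epoch) return a->epoch < b->epoch ? -1 : 1;
    return a->seq < b->seq ? -1 : 1;   /* equal seq -> 1, in both directions */
}

/* Corrected comparator: duplicates compare equal (0), everything else is
 * antisymmetric, so the order is total and qsort()'s result is well defined. */
int cmp_consistent(const void *pa, const void *pb) {
    const dtls_record_t *a = pa, *b = pb;
    if (a->epoch != b->epoch) return a->epoch < b->epoch ? -1 : 1;
    if (a->seq != b->seq) return a->seq < b->seq ? -1 : 1;
    return 0;
}

static int sgn(int v) { return (v > 0) - (v < 0); }

/* Property check for any qsort-style comparator over a sample containing
 * duplicates: cmp(x, x) must be 0 and sign(cmp(a, b)) must equal
 * -sign(cmp(b, a)) for every pair. A comparator that fails this cannot be
 * trusted to produce a stable, well-defined ordering. */
bool comparator_is_consistent(int (*cmp)(const void *, const void *),
                              const dtls_record_t *recs, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (cmp(&recs[i], &recs[i]) != 0) return false;
        for (size_t j = 0; j < n; j++) {
            if (sgn(cmp(&recs[i], &recs[j])) != -sgn(cmp(&recs[j], &recs[i])))
                return false;
        }
    }
    return true;
}

/* Constructed sample: five records, two pairs of exact duplicates, as a
 * retransmitting or replaying peer could deliver them. */
const dtls_record_t sample_records[] = {
    {1, 7}, {1, 3}, {1, 7}, {0, 9}, {1, 3}
};
#define SAMPLE_COUNT (sizeof sample_records / sizeof sample_records[0])

/* Sort a copy of the sample with the corrected comparator and return the
 * sequence number at position i of the result (epoch 0 sorts first).
 * Out-of-range i returns UINT64_MAX so callers can detect it. */
uint64_t sorted_seq_at(size_t i) {
    dtls_record_t copy[SAMPLE_COUNT];
    memcpy(copy, sample_records, sizeof copy);
    qsort(copy, SAMPLE_COUNT, sizeof copy[0], cmp_consistent);
    return i < SAMPLE_COUNT ? copy[i].seq : UINT64_MAX;
}

int main(void) {
    printf("inconsistent comparator passes check: %s\n",
           comparator_is_consistent(cmp_inconsistent, sample_records, SAMPLE_COUNT) ? "yes" : "no");
    printf("consistent comparator passes check:   %s\n",
           comparator_is_consistent(cmp_consistent, sample_records, SAMPLE_COUNT) ? "yes" : "no");
    for (size_t i = 0; i < SAMPLE_COUNT; i++)
        printf("sorted[%zu].seq = %llu\n", i, (unsigned long long)sorted_seq_at(i));
    return 0;
}
```

The check is cheap enough to run as a unit test on any comparator that orders untrusted input: duplicates are exactly the case a remote peer controls, so a sample with repeated keys belongs in the test data.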

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques [AI]

T1499.004 Application or System Exploitation (Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

DTLS comparator flaw directly enables remote DoS via application exploitation (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-32990 (same product: GNU GnuTLS)
CVE-2026-1584 (same product: GNU GnuTLS)
CVE-2026-3442 (same product: Red Hat Enterprise Linux)
CVE-2026-42010 (same product: GNU GnuTLS)
CVE-2026-33845 (same product: GNU GnuTLS)
CVE-2025-32988 (same product: GNU GnuTLS)
CVE-2026-6846 (same product: Red Hat Enterprise Linux)
CVE-2026-0966 (same product: Red Hat Enterprise Linux)
CVE-2026-3260 (same product: Red Hat Enterprise Linux)
CVE-2026-3441 (same product: Red Hat Enterprise Linux)

Affected Assets

gnu / gnutls: all versions
redhat / hardened images: all versions
redhat / openshift container platform: 4.0
redhat / enterprise linux: 10.0, 10.2, 6.0, 7.0, 8.0
redhat / enterprise linux for els: 10.2, 8.10, 9.8
redhat / enterprise linux for ibm z systems: 10.2, 8.0_s390x, 9.0_s390x
redhat / enterprise linux for ibm z systems els: 10.2, 8.10, 9.8
redhat / enterprise linux for power little endian: 10.0, 10.2, 8.0_ppc64le, 9.0_ppc64le
redhat / enterprise linux for power little endian els: 10.2, 8.10, 9.8
redhat / enterprise linux for eus: 10.2, 9.8
+4 more product configuration(s); see NVD for the full list

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References