CVE-2026-42010
Published: 07 May 2026
Summary
CVE-2026-42010 is a high-severity Improper Null Termination (CWE-170) vulnerability in Red Hat Enterprise Linux. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 39.9% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-28354
Vulnerability details
A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.
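The bug class described above (CWE-170), shown as an added illustration that is not gnutls source code: a username received as length-prefixed bytes is matched once as a C string and once with a length-aware comparison. The credential table, struct and function names are hypothetical, and the inputs are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed credential table; entries are illustrative only. */
static const char *const psk_users[] = { "admin", "backup" };
#define N_USERS (sizeof psk_users / sizeof psk_users[0])

/* A username as received: raw bytes plus a length, may contain 0x00. */
struct wire_name { const unsigned char *data; size_t len; };

/* Flawed pattern: treats the bytes as a C string, so the comparison stops
 * at the first NUL and everything after it is ignored.
 * (Assumes the buffer is NUL-terminated, as the samples below are.) */
int lookup_cstring(const struct wire_name *n)
{
    for (size_t i = 0; i < N_USERS; i++)
        if (strcmp((const char *)n->data, psk_users[i]) == 0)
            return (int)i;
    return -1;
}

/* Length-aware pattern: reject embedded NULs, then require the same
 * length and the same bytes as the stored name. */
int lookup_exact(const struct wire_name *n)
{
    if (n->len == 0 || memchr(n->data, 0, n->len) != NULL)
        return -1;
    for (size_t i = 0; i < N_USERS; i++) {
        size_t stored = strlen(psk_users[i]);
        if (stored == n->len && memcmp(n->data, psk_users[i], stored) == 0)
            return (int)i;
    }
    return -1;
}

/* Constructed inputs; sizeof counts the literal's terminator, hence -1. */
static const unsigned char with_nul[] = "admin\0zz"; /* 8 bytes received */
static const unsigned char plain[]    = "backup";    /* 6 bytes received */
const struct wire_name with_nul_name = { with_nul, sizeof with_nul - 1 };
const struct wire_name plain_name    = { plain,    sizeof plain - 1 };

int main(void)
{
    printf("cstring: %d  exact: %d\n",
           lookup_cstring(&with_nul_name), lookup_exact(&with_nul_name));
    printf("cstring: %d  exact: %d\n",
           lookup_cstring(&plain_name), lookup_exact(&plain_name));
    return 0;
}
```

The same check is useful in server-side logging: a received PSK identity whose byte length differs from its C-string length is worth recording as an anomaly.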
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Direct remote authentication bypass in a TLS library used by network servers enables exploitation of public-facing applications for unauthorized access.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.