Cyber Resilience

CVE-2026-42010

High · Updated

Published: 07 May 2026

Modified: 30 June 2026
KEV Added
Patch
CVSS Score v3.1: 7.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)
EPSS Score: 0.0105 (60.1th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-42010 is a high-severity Improper Null Termination (CWE-170) vulnerability in Red Hat Enterprise Linux. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 39.9% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

Vulnerability details

A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Direct remote authentication bypass in a TLS library used by network servers enables exploitation of public-facing applications for unauthorized access.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-32988 · Same product: GNU GnuTLS
CVE-2026-33845 · Same product: GNU GnuTLS
CVE-2025-32990 · Same product: GNU GnuTLS
CVE-2026-5121 · Same product: Red Hat Enterprise Linux
CVE-2026-6846 · Same product: Red Hat Enterprise Linux
CVE-2026-1584 · Same product: GNU GnuTLS
CVE-2026-4480 · Same product: Red Hat Enterprise Linux
CVE-2026-3441 · Same product: Red Hat Enterprise Linux
CVE-2024-45782 · Same product: Red Hat Enterprise Linux
CVE-2026-3442 · Same product: Red Hat Enterprise Linux

Affected Assets

Vendor · Product · Versions
gnu · gnutls · all versions
redhat · hardened images · all versions
redhat · openshift container platform · 4.0
redhat · enterprise linux · 10.0, 6.0, 7.0, 8.0, 9.0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
