CVE-2026-42015
Published: 26 May 2026
Summary
CVE-2026-42015 is a medium-severity Off-by-one Error (CWE-193) vulnerability. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 48.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-32012
Vulnerability details
A flaw was found in gnutls. An off-by-one error exists in the PKCS#12 bag element bounds check. This vulnerability allows a remote attacker to write past the internal array of a PKCS#12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of service (DoS) or potentially other unspecified impacts.
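The boundary condition described above, as an added example (not GnuTLS source and not from the original page): a hypothetical fixed-capacity bag with the 32-element limit from the description, showing an off-by-one check beside the corrected one. The struct, the function names and the exact comparison used in the weak check are assumptions made for illustration.

```c
#include <stdio.h>

#define BAG_MAX 32 /* capacity from the advisory text: 32 elements */

/* Hypothetical model of a fixed-capacity bag; not the GnuTLS structure. */
struct bag {
    int element[BAG_MAX];
    size_t count; /* slots in use, 0..BAG_MAX */
};

/* Off-by-one check: a full bag (count == BAG_MAX) passes, so the
 * append would target element[BAG_MAX], one slot past the array. */
int append_allowed_off_by_one(const struct bag *b)
{
    return !(b->count > BAG_MAX);
}

/* Corrected check: the last valid index is BAG_MAX - 1. */
int append_allowed_fixed(const struct bag *b)
{
    return b->count < BAG_MAX;
}

/* Append under the corrected check; 0 on success, -1 if full. */
int bag_append(struct bag *b, int value)
{
    if (b == NULL || !append_allowed_fixed(b))
        return -1;
    b->element[b->count++] = value;
    return 0;
}

/* Fill an empty bag until an append is refused; returns count stored. */
size_t fill_until_refused(struct bag *b)
{
    b->count = 0;
    while (bag_append(b, (int)b->count) == 0)
        ;
    return b->count;
}

int main(void)
{
    struct bag b;
    size_t n = fill_until_refused(&b);
    printf("stored=%zu off_by_one_accepts_full=%d fixed_accepts_full=%d\n",
           n, append_allowed_off_by_one(&b), append_allowed_fixed(&b));
    return 0;
}
```

A regression test for a fix of this kind should exercise the exact boundary: a bag holding 32 elements must refuse the next append and leave the count unchanged.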
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote memory corruption in a crypto library enables exploitation of public-facing apps and services that use GnuTLS, with arbitrary impacts beyond DoS.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.