Action not permitted
Modal body text goes here.
Modal Title
Modal Body
ubuntu-cve-2026-5260
Vulnerability from osv_ubuntu
A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure.
{
"affected": [
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "gnutls-bin",
"binary_version": "3.5.18-1ubuntu1.6+esm3"
},
{
"binary_name": "libgnutls-dane0",
"binary_version": "3.5.18-1ubuntu1.6+esm3"
},
{
"binary_name": "libgnutls-openssl27",
"binary_version": "3.5.18-1ubuntu1.6+esm3"
},
{
"binary_name": "libgnutls30",
"binary_version": "3.5.18-1ubuntu1.6+esm3"
},
{
"binary_name": "libgnutlsxx28",
"binary_version": "3.5.18-1ubuntu1.6+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "gnutls28",
"purl": "pkg:deb/ubuntu/gnutls28@3.5.18-1ubuntu1.6+esm3?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.5.18-1ubuntu1.6+esm3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.5.8-6ubuntu3",
"3.5.17-1ubuntu1",
"3.5.17-1ubuntu3",
"3.5.18-1ubuntu1",
"3.5.18-1ubuntu1.1",
"3.5.18-1ubuntu1.2",
"3.5.18-1ubuntu1.3",
"3.5.18-1ubuntu1.4",
"3.5.18-1ubuntu1.5",
"3.5.18-1ubuntu1.6",
"3.5.18-1ubuntu1.6+esm1",
"3.5.18-1ubuntu1.6+esm2"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "gnutls-bin",
"binary_version": "3.6.13-2ubuntu1.12+esm2"
},
{
"binary_name": "guile-gnutls",
"binary_version": "3.6.13-2ubuntu1.12+esm2"
},
{
"binary_name": "libgnutls-dane0",
"binary_version": "3.6.13-2ubuntu1.12+esm2"
},
{
"binary_name": "libgnutls-openssl27",
"binary_version": "3.6.13-2ubuntu1.12+esm2"
},
{
"binary_name": "libgnutls30",
"binary_version": "3.6.13-2ubuntu1.12+esm2"
},
{
"binary_name": "libgnutlsxx28",
"binary_version": "3.6.13-2ubuntu1.12+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "gnutls28",
"purl": "pkg:deb/ubuntu/gnutls28@3.6.13-2ubuntu1.12+esm2?arch=source\u0026distro=esm-infra/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.6.13-2ubuntu1.12+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.6.9-5ubuntu1",
"3.6.9-5ubuntu2",
"3.6.10-5",
"3.6.11.1-2",
"3.6.11.1-2ubuntu2",
"3.6.13-2ubuntu1",
"3.6.13-2ubuntu1.1",
"3.6.13-2ubuntu1.2",
"3.6.13-2ubuntu1.3",
"3.6.13-2ubuntu1.6",
"3.6.13-2ubuntu1.7",
"3.6.13-2ubuntu1.8",
"3.6.13-2ubuntu1.9",
"3.6.13-2ubuntu1.10",
"3.6.13-2ubuntu1.11",
"3.6.13-2ubuntu1.12",
"3.6.13-2ubuntu1.12+esm1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gnutls-bin",
"binary_version": "3.7.3-4ubuntu1.9"
},
{
"binary_name": "guile-gnutls",
"binary_version": "3.7.3-4ubuntu1.9"
},
{
"binary_name": "libgnutls-dane0",
"binary_version": "3.7.3-4ubuntu1.9"
},
{
"binary_name": "libgnutls-openssl27",
"binary_version": "3.7.3-4ubuntu1.9"
},
{
"binary_name": "libgnutls30",
"binary_version": "3.7.3-4ubuntu1.9"
},
{
"binary_name": "libgnutlsxx28",
"binary_version": "3.7.3-4ubuntu1.9"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "gnutls28",
"purl": "pkg:deb/ubuntu/gnutls28@3.7.3-4ubuntu1.9?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.7.3-4ubuntu1.9"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.7.1-5ubuntu1",
"3.7.2-2ubuntu1",
"3.7.2-4ubuntu1",
"3.7.2-5ubuntu1",
"3.7.3-4ubuntu1",
"3.7.3-4ubuntu1.1",
"3.7.3-4ubuntu1.2",
"3.7.3-4ubuntu1.3",
"3.7.3-4ubuntu1.4",
"3.7.3-4ubuntu1.5",
"3.7.3-4ubuntu1.6",
"3.7.3-4ubuntu1.7",
"3.7.3-4ubuntu1.8"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "gnutls-bin",
"binary_version": "3.7.3-4ubuntu1.2+Fips1.1"
},
{
"binary_name": "guile-gnutls",
"binary_version": "3.7.3-4ubuntu1.2+Fips1.1"
},
{
"binary_name": "libgnutls-dane0",
"binary_version": "3.7.3-4ubuntu1.2+Fips1.1"
},
{
"binary_name": "libgnutls-openssl27",
"binary_version": "3.7.3-4ubuntu1.2+Fips1.1"
},
{
"binary_name": "libgnutls30",
"binary_version": "3.7.3-4ubuntu1.2+Fips1.1"
},
{
"binary_name": "libgnutlsxx28",
"binary_version": "3.7.3-4ubuntu1.2+Fips1.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:FIPS-preview:22.04:LTS",
"name": "gnutls28",
"purl": "pkg:deb/ubuntu/gnutls28@3.7.3-4ubuntu1.2+Fips1.1?arch=source\u0026distro=fips-preview/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.7.3-4ubuntu1.2+Fips1.1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "gnutls-bin",
"binary_version": "3.7.3-4ubuntu1.9+Fips1"
},
{
"binary_name": "guile-gnutls",
"binary_version": "3.7.3-4ubuntu1.9+Fips1"
},
{
"binary_name": "libgnutls-dane0",
"binary_version": "3.7.3-4ubuntu1.9+Fips1"
},
{
"binary_name": "libgnutls-openssl27",
"binary_version": "3.7.3-4ubuntu1.9+Fips1"
},
{
"binary_name": "libgnutls30",
"binary_version": "3.7.3-4ubuntu1.9+Fips1"
},
{
"binary_name": "libgnutlsxx28",
"binary_version": "3.7.3-4ubuntu1.9+Fips1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:FIPS-updates:22.04:LTS",
"name": "gnutls28",
"purl": "pkg:deb/ubuntu/gnutls28@3.7.3-4ubuntu1.9+Fips1?arch=source\u0026distro=fips-updates/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.7.3-4ubuntu1.9+Fips1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.7.3-4ubuntu1.2+Fips1.1",
"3.7.3-4ubuntu1.3+Fips1.1",
"3.7.3-4ubuntu1.4+Fips1",
"3.7.3-4ubuntu1.5+Fips1",
"3.7.3-4ubuntu1.6+Fips1",
"3.7.3-4ubuntu1.7+Fips1",
"3.7.3-4ubuntu1.7+Fips1.1",
"3.7.3-4ubuntu1.8+Fips1.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gnutls-bin",
"binary_version": "3.8.3-1.1ubuntu3.6"
},
{
"binary_name": "libgnutls-dane0t64",
"binary_version": "3.8.3-1.1ubuntu3.6"
},
{
"binary_name": "libgnutls-openssl27t64",
"binary_version": "3.8.3-1.1ubuntu3.6"
},
{
"binary_name": "libgnutls30t64",
"binary_version": "3.8.3-1.1ubuntu3.6"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "gnutls28",
"purl": "pkg:deb/ubuntu/gnutls28@3.8.3-1.1ubuntu3.6?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.8.3-1.1ubuntu3.6"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.8.1-4ubuntu1",
"3.8.1-4ubuntu6",
"3.8.1-4ubuntu7",
"3.8.3-1ubuntu1",
"3.8.3-1.1ubuntu2",
"3.8.3-1.1ubuntu3",
"3.8.3-1.1ubuntu3.1",
"3.8.3-1.1ubuntu3.2",
"3.8.3-1.1ubuntu3.3",
"3.8.3-1.1ubuntu3.4",
"3.8.3-1.1ubuntu3.5"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "gnutls-bin",
"binary_version": "3.8.3-1.1ubuntu3.6+Fips1.2"
},
{
"binary_name": "libgnutls-dane0t64",
"binary_version": "3.8.3-1.1ubuntu3.6+Fips1.2"
},
{
"binary_name": "libgnutls-openssl27t64",
"binary_version": "3.8.3-1.1ubuntu3.6+Fips1.2"
},
{
"binary_name": "libgnutls30t64",
"binary_version": "3.8.3-1.1ubuntu3.6+Fips1.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:FIPS-updates:24.04:LTS",
"name": "gnutls28",
"purl": "pkg:deb/ubuntu/gnutls28@3.8.3-1.1ubuntu3.6+Fips1.2?arch=source\u0026distro=fips-updates/noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.8.3-1.1ubuntu3.6+Fips1.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.8.3-1.1ubuntu3.1+Fips1",
"3.8.3-1.1ubuntu3.4+Fips1",
"3.8.3-1.1ubuntu3.4+Fips1.1",
"3.8.3-1.1ubuntu3.5+Fips1.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gnutls-bin",
"binary_version": "3.8.9-3ubuntu2.2"
},
{
"binary_name": "libgnutls-dane0t64",
"binary_version": "3.8.9-3ubuntu2.2"
},
{
"binary_name": "libgnutls-openssl27t64",
"binary_version": "3.8.9-3ubuntu2.2"
},
{
"binary_name": "libgnutls30t64",
"binary_version": "3.8.9-3ubuntu2.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "gnutls28",
"purl": "pkg:deb/ubuntu/gnutls28@3.8.9-3ubuntu2.2?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.8.9-3ubuntu2.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.8.9-2ubuntu3",
"3.8.9-3ubuntu1",
"3.8.9-3ubuntu2",
"3.8.9-3ubuntu2.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gnutls-bin",
"binary_version": "3.8.12-2ubuntu1.1"
},
{
"binary_name": "libgnutls-dane0t64",
"binary_version": "3.8.12-2ubuntu1.1"
},
{
"binary_name": "libgnutls-openssl27t64",
"binary_version": "3.8.12-2ubuntu1.1"
},
{
"binary_name": "libgnutls30t64",
"binary_version": "3.8.12-2ubuntu1.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "gnutls28",
"purl": "pkg:deb/ubuntu/gnutls28@3.8.12-2ubuntu1.1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.8.12-2ubuntu1.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.8.9-3ubuntu2",
"3.8.10-3ubuntu1",
"3.8.12-2ubuntu1"
]
}
],
"aliases": [],
"details": "A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure.",
"id": "UBUNTU-CVE-2026-5260",
"modified": "2026-07-06T18:37:01Z",
"published": "2026-04-30T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-5260"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5260"
},
{
"type": "REPORT",
"url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-10"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8284-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8502-1"
}
],
"related": [
"USN-8284-1",
"USN-8502-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2026-5260"
]
}
CVE-2026-5260 (GCVE-0-2026-5260)
Vulnerability from cvelistv5 – Published: 2026-05-26 21:29 – Updated: 2026-07-15 14:33- CWE-126 - Buffer Over-read
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 |
Unaffected:
0:3.8.10-4.el10_2 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:10.2 |
|
| Red Hat | Red Hat Enterprise Linux 10.0 Extended Update Support |
Unaffected:
0:3.8.9-9.el10_0.19 , < *
(rpm)
cpe:/o:redhat:enterprise_linux_eus:10.0 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:3.6.16-8.el8_10.6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream cpe:/o:redhat:enterprise_linux:8::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:3.6.14-10.el8_4.1 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_eus_long_life:8.4::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:4.13-3.el8_4.1 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_eus_long_life:8.4::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On |
Unaffected:
0:3.6.14-10.el8_4.1 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_eus_long_life:8.4::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On |
Unaffected:
0:4.13-3.el8_4.1 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_eus_long_life:8.4::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:3.6.16-5.el8_6.5 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_eus_long_life:8.6::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:4.13-3.el8_6.2 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_eus_long_life:8.6::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On |
Unaffected:
0:3.6.16-5.el8_6.5 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_eus_long_life:8.6::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On |
Unaffected:
0:4.13-3.el8_6.2 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_eus_long_life:8.6::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:3.6.16-7.el8_8.4 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/o:redhat:rhel_e4s:8.8::baseos cpe:/o:redhat:rhel_tus:8.8::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:4.13-4.el8_8.1 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/o:redhat:rhel_e4s:8.8::baseos cpe:/o:redhat:rhel_tus:8.8::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:3.6.16-7.el8_8.4 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/o:redhat:rhel_e4s:8.8::baseos cpe:/o:redhat:rhel_tus:8.8::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:4.13-4.el8_8.1 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/o:redhat:rhel_e4s:8.8::baseos cpe:/o:redhat:rhel_tus:8.8::baseos |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:3.8.10-4.el9_8 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions |
Unaffected:
0:3.8.3-4.el9_4.6 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.4::appstream cpe:/o:redhat:rhel_e4s:9.4::baseos |
|
| Red Hat | Red Hat Enterprise Linux 9.6 Extended Update Support |
Unaffected:
0:3.8.3-6.el9_6.4 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.6::appstream cpe:/o:redhat:rhel_eus:9.6::baseos |
|
| Red Hat | Red Hat Discovery 2 |
Unaffected:
1782159791 , < *
(rpm)
cpe:/a:redhat:discovery:2::el9 |
|
| Red Hat | Red Hat Discovery 2 |
Unaffected:
1782166952 , < *
(rpm)
cpe:/a:redhat:discovery:2::el9 |
|
| Red Hat | Red Hat Hardened Images |
Unaffected:
3.8.13-1.hum1 , < *
(rpm)
cpe:/a:redhat:hummingbird:1 |
|
| Red Hat | Red Hat Update Infrastructure 5 |
Unaffected:
1781525684 , < *
(rpm)
cpe:/a:redhat:rhui:5::el9 |
|
| Red Hat | Red Hat Update Infrastructure 5 |
Unaffected:
1781525671 , < *
(rpm)
cpe:/a:redhat:rhui:5::el9 |
|
| Red Hat | Red Hat Update Infrastructure 5 |
Unaffected:
1781525693 , < *
(rpm)
cpe:/a:redhat:rhui:5::el9 |
|
| Red Hat | Red Hat Update Infrastructure 5 |
Unaffected:
1781525739 , < *
(rpm)
cpe:/a:redhat:rhui:5::el9 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5260",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-27T13:36:46.793551Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T13:37:10.771Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.8.10-4.el10_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 10.0 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.8.9-9.el10_0.19",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream",
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "affected",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.6.16-8.el8_10.6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream",
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "affected",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.6.16-8.el8_10.6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/o:redhat:rhel_aus:8.4::baseos",
"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.6.14-10.el8_4.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/o:redhat:rhel_aus:8.4::baseos",
"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "libtasn1",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.13-3.el8_4.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/o:redhat:rhel_aus:8.4::baseos",
"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.6.14-10.el8_4.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/o:redhat:rhel_aus:8.4::baseos",
"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "libtasn1",
"product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.13-3.el8_4.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream",
"cpe:/o:redhat:rhel_aus:8.6::baseos",
"cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.6.16-5.el8_6.5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream",
"cpe:/o:redhat:rhel_aus:8.6::baseos",
"cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "libtasn1",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.13-3.el8_6.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream",
"cpe:/o:redhat:rhel_aus:8.6::baseos",
"cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.6.16-5.el8_6.5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream",
"cpe:/o:redhat:rhel_aus:8.6::baseos",
"cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "libtasn1",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.13-3.el8_6.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/o:redhat:rhel_e4s:8.8::baseos",
"cpe:/o:redhat:rhel_tus:8.8::baseos"
],
"defaultStatus": "affected",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.6.16-7.el8_8.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/o:redhat:rhel_e4s:8.8::baseos",
"cpe:/o:redhat:rhel_tus:8.8::baseos"
],
"defaultStatus": "affected",
"packageName": "libtasn1",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.13-4.el8_8.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/o:redhat:rhel_e4s:8.8::baseos",
"cpe:/o:redhat:rhel_tus:8.8::baseos"
],
"defaultStatus": "affected",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.6.16-7.el8_8.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/o:redhat:rhel_e4s:8.8::baseos",
"cpe:/o:redhat:rhel_tus:8.8::baseos"
],
"defaultStatus": "affected",
"packageName": "libtasn1",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.13-4.el8_8.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.8.10-4.el9_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.8.10-4.el9_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.4::appstream",
"cpe:/o:redhat:rhel_e4s:9.4::baseos"
],
"defaultStatus": "affected",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.8.3-4.el9_4.6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::appstream",
"cpe:/o:redhat:rhel_eus:9.6::baseos"
],
"defaultStatus": "affected",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 9.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.8.3-6.el9_6.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:discovery:2::el9"
],
"defaultStatus": "affected",
"packageName": "discovery/discovery-server-rhel9",
"product": "Red Hat Discovery 2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1782159791",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:discovery:2::el9"
],
"defaultStatus": "affected",
"packageName": "discovery/discovery-ui-rhel9",
"product": "Red Hat Discovery 2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1782166952",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:hummingbird:1"
],
"defaultStatus": "affected",
"packageName": "gnutls-main",
"product": "Red Hat Hardened Images",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "3.8.13-1.hum1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:rhui:5::el9"
],
"defaultStatus": "affected",
"packageName": "rhui5/cds-rhel9",
"product": "Red Hat Update Infrastructure 5",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1781525684",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:rhui:5::el9"
],
"defaultStatus": "affected",
"packageName": "rhui5/haproxy-rhel9",
"product": "Red Hat Update Infrastructure 5",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1781525671",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:rhui:5::el9"
],
"defaultStatus": "affected",
"packageName": "rhui5/installer-rhel9",
"product": "Red Hat Update Infrastructure 5",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1781525693",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:rhui:5::el9"
],
"defaultStatus": "affected",
"packageName": "rhui5/rhua-rhel9",
"product": "Red Hat Update Infrastructure 5",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1781525739",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "unknown",
"packageName": "openshift4/ose-hypershift-rhel9",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Joshua Rogers (AISLE Research Team) for reporting this issue."
}
],
"datePublic": "2026-04-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T14:33:32.363Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2026:13274",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13274"
},
{
"name": "RHSA-2026:20611",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20611"
},
{
"name": "RHSA-2026:20612",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20612"
},
{
"name": "RHSA-2026:20613",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20613"
},
{
"name": "RHSA-2026:26319",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26319"
},
{
"name": "RHSA-2026:26409",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26409"
},
{
"name": "RHSA-2026:29197",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"name": "RHSA-2026:30004",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:30004"
},
{
"name": "RHSA-2026:30849",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:30849"
},
{
"name": "RHSA-2026:30850",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:30850"
},
{
"name": "RHSA-2026:32962",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:32962"
},
{
"name": "RHSA-2026:33125",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33125"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-5260"
},
{
"name": "RHBZ#2467450",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467450"
},
{
"url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-10"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-06T19:50:31.302Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-04-29T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Gnutls: gnutls: information disclosure via heap overread in rsa key exchange",
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-126: Buffer Over-read"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-5260",
"datePublished": "2026-05-26T21:29:20.743Z",
"dateReserved": "2026-03-31T16:25:06.721Z",
"dateUpdated": "2026-07-15T14:33:32.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
usn-8284-1
Vulnerability from osv_ubuntu
Joshua Rogers discovered that GnuTLS did not properly handle malformed DTLS handshake fragments in certain cases. A remote attacker could possibly use this issue to obtain sensitive information, or cause a denial of service. (CVE-2026-33845)
Haruto Kimura, Oscar Reparaz, and Zou Dikai discovered that GnuTLS did not properly validate DTLS handshake fragment lengths in certain cases. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2026-33846)
Oleh Konko and Joshua Rogers discovered that GnuTLS did not properly validate OCSP responses in certain cases. A remote attacker could possibly use this issue to bypass certificate revocation checks, leading to a machine-in-the-middle attack. (CVE-2026-3832)
Oleh Konko and Joshua Rogers discovered that GnuTLS did not properly handle case-insensitive name constraints in certain cases. A remote attacker could possibly use this issue to bypass certificate validation, leading to a machine-in-the-middle attack. (CVE-2026-3833)
Joshua Rogers discovered that GnuTLS did not properly order DTLS packets with duplicate sequence numbers in certain cases. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. (CVE-2026-42009)
Joshua Rogers discovered that GnuTLS did not properly handle usernames containing NUL characters in certain RSA-PSK configurations. A remote attacker could possibly use this issue to bypass authentication and gain unintended access to services. (CVE-2026-42010)
Haruto Kimura discovered that GnuTLS did not properly apply permitted name constraints in certain certificate validation paths. A remote attacker could possibly use this issue to bypass certificate validation, leading to a machine-in-the-middle attack. (CVE-2026-42011)
Oleh Konko discovered that GnuTLS incorrectly fell back to Common Name checks for certain URI and SRV subject alternative names. A remote attacker could possibly use this issue to bypass certificate validation, leading to a machine-in-the-middle attack. (CVE-2026-42012)
Haruto Kimura and Joshua Rogers discovered that GnuTLS incorrectly fell back to Common Name checks when subject alternative names were oversized. A remote attacker could possibly use this issue to bypass certificate validation, leading to a machine-in-the-middle attack. (CVE-2026-42013)
Luigino Camastra and Joshua Rogers discovered that GnuTLS had a use-after-free issue when changing PKCS#11 token security officer PINs in certain cases. An attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2026-42014)
Zou Dikai discovered that GnuTLS did not properly validate PKCS#12 bag sizes in certain cases. An attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2026-42015)
Joshua Rogers discovered that GnuTLS did not properly handle very short premaster secrets in certain RSA key exchange cases with PKCS#11-backed server keys. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-5260)
Doria Tang discovered that GnuTLS did not perform PKCS#7 padding checks in constant time in certain cases. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-5419)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2026-3832",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-3833",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-5260",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-33845",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-33846",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-42009",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-42010",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-42011",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-42012",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-42013",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-42014",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-42015",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:22.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gnutls-bin",
"binary_version": "3.7.3-4ubuntu1.9"
},
{
"binary_name": "guile-gnutls",
"binary_version": "3.7.3-4ubuntu1.9"
},
{
"binary_name": "libgnutls-dane0",
"binary_version": "3.7.3-4ubuntu1.9"
},
{
"binary_name": "libgnutls-openssl27",
"binary_version": "3.7.3-4ubuntu1.9"
},
{
"binary_name": "libgnutls30",
"binary_version": "3.7.3-4ubuntu1.9"
},
{
"binary_name": "libgnutlsxx28",
"binary_version": "3.7.3-4ubuntu1.9"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "gnutls28",
"purl": "pkg:deb/ubuntu/gnutls28@3.7.3-4ubuntu1.9?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.7.3-4ubuntu1.9"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.7.1-5ubuntu1",
"3.7.2-2ubuntu1",
"3.7.2-4ubuntu1",
"3.7.2-5ubuntu1",
"3.7.3-4ubuntu1",
"3.7.3-4ubuntu1.1",
"3.7.3-4ubuntu1.2",
"3.7.3-4ubuntu1.3",
"3.7.3-4ubuntu1.4",
"3.7.3-4ubuntu1.5",
"3.7.3-4ubuntu1.6",
"3.7.3-4ubuntu1.7",
"3.7.3-4ubuntu1.8"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2026-3832",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-3833",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-5260",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-5419",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-33845",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-33846",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-42009",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-42010",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-42011",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-42012",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-42013",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-42014",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-42015",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:24.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gnutls-bin",
"binary_version": "3.8.3-1.1ubuntu3.6"
},
{
"binary_name": "libgnutls-dane0t64",
"binary_version": "3.8.3-1.1ubuntu3.6"
},
{
"binary_name": "libgnutls-openssl27t64",
"binary_version": "3.8.3-1.1ubuntu3.6"
},
{
"binary_name": "libgnutls30t64",
"binary_version": "3.8.3-1.1ubuntu3.6"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "gnutls28",
"purl": "pkg:deb/ubuntu/gnutls28@3.8.3-1.1ubuntu3.6?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.8.3-1.1ubuntu3.6"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.8.1-4ubuntu1",
"3.8.1-4ubuntu6",
"3.8.1-4ubuntu7",
"3.8.3-1ubuntu1",
"3.8.3-1.1ubuntu2",
"3.8.3-1.1ubuntu3",
"3.8.3-1.1ubuntu3.1",
"3.8.3-1.1ubuntu3.2",
"3.8.3-1.1ubuntu3.3",
"3.8.3-1.1ubuntu3.4",
"3.8.3-1.1ubuntu3.5"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2026-3832",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-3833",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-5260",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-5419",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-33845",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-33846",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-42009",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-42010",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-42011",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-42012",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-42013",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-42014",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-42015",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:25.10"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gnutls-bin",
"binary_version": "3.8.9-3ubuntu2.2"
},
{
"binary_name": "libgnutls-dane0t64",
"binary_version": "3.8.9-3ubuntu2.2"
},
{
"binary_name": "libgnutls-openssl27t64",
"binary_version": "3.8.9-3ubuntu2.2"
},
{
"binary_name": "libgnutls30t64",
"binary_version": "3.8.9-3ubuntu2.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "gnutls28",
"purl": "pkg:deb/ubuntu/gnutls28@3.8.9-3ubuntu2.2?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.8.9-3ubuntu2.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.8.9-2ubuntu3",
"3.8.9-3ubuntu1",
"3.8.9-3ubuntu2",
"3.8.9-3ubuntu2.1"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2026-3832",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-3833",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-5260",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-5419",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-33845",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-33846",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-42009",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-42010",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-42011",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-42012",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-42013",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-42014",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-42015",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:26.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gnutls-bin",
"binary_version": "3.8.12-2ubuntu1.1"
},
{
"binary_name": "libgnutls-dane0t64",
"binary_version": "3.8.12-2ubuntu1.1"
},
{
"binary_name": "libgnutls-openssl27t64",
"binary_version": "3.8.12-2ubuntu1.1"
},
{
"binary_name": "libgnutls30t64",
"binary_version": "3.8.12-2ubuntu1.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "gnutls28",
"purl": "pkg:deb/ubuntu/gnutls28@3.8.12-2ubuntu1.1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.8.12-2ubuntu1.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.8.9-3ubuntu2",
"3.8.10-3ubuntu1",
"3.8.12-2ubuntu1"
]
}
],
"aliases": [],
"details": "Joshua Rogers discovered that GnuTLS did not properly handle malformed\nDTLS handshake fragments in certain cases. A remote attacker could\npossibly use this issue to obtain sensitive information, or cause a\ndenial of service. (CVE-2026-33845)\n\nHaruto Kimura, Oscar Reparaz, and Zou Dikai discovered that GnuTLS did\nnot properly validate DTLS handshake fragment lengths in certain cases. A\nremote attacker could possibly use this issue to cause GnuTLS to crash,\nresulting in a denial of service, or execute arbitrary code.\n(CVE-2026-33846)\n\nOleh Konko and Joshua Rogers discovered that GnuTLS did not properly\nvalidate OCSP responses in certain cases. A remote attacker could\npossibly use this issue to bypass certificate revocation checks, leading\nto a machine-in-the-middle attack. (CVE-2026-3832)\n\nOleh Konko and Joshua Rogers discovered that GnuTLS did not properly\nhandle case-insensitive name constraints in certain cases. A remote\nattacker could possibly use this issue to bypass certificate validation,\nleading to a machine-in-the-middle attack. (CVE-2026-3833)\n\nJoshua Rogers discovered that GnuTLS did not properly order DTLS packets\nwith duplicate sequence numbers in certain cases. A remote attacker could\npossibly use this issue to cause GnuTLS to crash, resulting in a denial\nof service. (CVE-2026-42009)\n\nJoshua Rogers discovered that GnuTLS did not properly handle usernames\ncontaining NUL characters in certain RSA-PSK configurations. A remote\nattacker could possibly use this issue to bypass authentication and gain\nunintended access to services. (CVE-2026-42010)\n\nHaruto Kimura discovered that GnuTLS did not properly apply permitted\nname constraints in certain certificate validation paths. A remote\nattacker could possibly use this issue to bypass certificate validation,\nleading to a machine-in-the-middle attack. (CVE-2026-42011)\n\nOleh Konko discovered that GnuTLS incorrectly fell back to Common Name\nchecks for certain URI and SRV subject alternative names. A remote\nattacker could possibly use this issue to bypass certificate validation,\nleading to a machine-in-the-middle attack. (CVE-2026-42012)\n\nHaruto Kimura and Joshua Rogers discovered that GnuTLS incorrectly fell\nback to Common Name checks when subject alternative names were oversized.\nA remote attacker could possibly use this issue to bypass certificate\nvalidation, leading to a machine-in-the-middle attack. (CVE-2026-42013)\n\nLuigino Camastra and Joshua Rogers discovered that GnuTLS had a\nuse-after-free issue when changing PKCS#11 token security officer PINs in\ncertain cases. An attacker could possibly use this issue to cause GnuTLS\nto crash, resulting in a denial of service, or execute arbitrary code.\n(CVE-2026-42014)\n\nZou Dikai discovered that GnuTLS did not properly validate PKCS#12 bag\nsizes in certain cases. An attacker could possibly use this issue to\ncause GnuTLS to crash, resulting in a denial of service, or execute\narbitrary code. (CVE-2026-42015)\n\nJoshua Rogers discovered that GnuTLS did not properly handle very short\npremaster secrets in certain RSA key exchange cases with PKCS#11-backed\nserver keys. A remote attacker could possibly use this issue to obtain\nsensitive information. (CVE-2026-5260)\n\nDoria Tang discovered that GnuTLS did not perform PKCS#7 padding checks\nin constant time in certain cases. A remote attacker could possibly use\nthis issue to obtain sensitive information. This issue only affected\nUbuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-5419)",
"id": "USN-8284-1",
"modified": "2026-06-17T08:30:45Z",
"published": "2026-05-20T12:57:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8284-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-3832"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-3833"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-5260"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-5419"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-33845"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-33846"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-42009"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-42010"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-42011"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-42012"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-42013"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-42014"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-42015"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "gnutls28 vulnerabilities",
"upstream": [
"UBUNTU-CVE-2026-3832",
"UBUNTU-CVE-2026-3833",
"UBUNTU-CVE-2026-5260",
"UBUNTU-CVE-2026-5419",
"UBUNTU-CVE-2026-33845",
"UBUNTU-CVE-2026-33846",
"UBUNTU-CVE-2026-42009",
"UBUNTU-CVE-2026-42010",
"UBUNTU-CVE-2026-42011",
"UBUNTU-CVE-2026-42012",
"UBUNTU-CVE-2026-42013",
"UBUNTU-CVE-2026-42014",
"UBUNTU-CVE-2026-42015"
]
}
usn-8502-1
Vulnerability from osv_ubuntu
It was discovered that GnuTLS had a timing side-channel when processing malformed ciphertexts in RSA-PSK ClientKeyExchange. A remote attacker could possibly use this issue to recover sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2024-0553)
Bing Shi discovered that GnuTLS incorrectly handled decoding certain DER-encoded certificates. A remote attacker could possibly use this issue to cause GnuTLS to consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2024-12243)
Luigino Camastra discovered that GnuTLS incorrectly handled certain PKCS11 token labels. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. (CVE-2025-9820)
Tim Scheckenbach discovered that GnuTLS incorrectly handled malicious certificates containing a large number of name constraints and subject alternative names. A remote attacker could possibly use this issue to cause GnuTLS to consume resources, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2025-14831)
Oleh Konko and Joshua Rogers discovered that GnuTLS did not properly handle case-insensitive name constraints in certain cases. A remote attacker could possibly use this issue to bypass certificate validation, leading to a machine-in-the-middle attack. (CVE-2026-3833)
Joshua Rogers discovered that GnuTLS did not properly handle very short premaster secrets in certain RSA key exchange cases with PKCS#11-backed server keys. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2026-5260)
Joshua Rogers discovered that GnuTLS did not properly handle malformed DTLS handshake fragments in certain cases. A remote attacker could possibly use this issue to obtain sensitive information, or cause a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2026-33845)
Haruto Kimura, Oscar Reparaz, and Zou Dikai discovered that GnuTLS did not properly validate DTLS handshake fragment lengths in certain cases. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2026-33846)
Joshua Rogers discovered that GnuTLS did not properly order DTLS packets with duplicate sequence numbers in certain cases. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. (CVE-2026-42009)
Joshua Rogers discovered that GnuTLS did not properly handle usernames containing NUL characters in certain RSA-PSK configurations. A remote attacker could possibly use this issue to bypass authentication and gain unintended access to services. This issue only affected Ubuntu 20.04 LTS. (CVE-2026-42010)
| URL | Type | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2025-9820",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-3833",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-33846",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-42009",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:16.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "gnutls-bin",
"binary_version": "3.4.10-4ubuntu1.9+esm3"
},
{
"binary_name": "guile-gnutls",
"binary_version": "3.4.10-4ubuntu1.9+esm3"
},
{
"binary_name": "libgnutls-openssl27",
"binary_version": "3.4.10-4ubuntu1.9+esm3"
},
{
"binary_name": "libgnutls30",
"binary_version": "3.4.10-4ubuntu1.9+esm3"
},
{
"binary_name": "libgnutlsxx28",
"binary_version": "3.4.10-4ubuntu1.9+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "gnutls28",
"purl": "pkg:deb/ubuntu/gnutls28@3.4.10-4ubuntu1.9+esm3?arch=source\u0026distro=esm-infra-legacy/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.4.10-4ubuntu1.9+esm3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.3.15-5ubuntu2",
"3.3.18-1ubuntu1",
"3.3.20-1ubuntu1",
"3.4.9-2ubuntu1",
"3.4.10-4ubuntu1",
"3.4.10-4ubuntu1.1",
"3.4.10-4ubuntu1.2",
"3.4.10-4ubuntu1.3",
"3.4.10-4ubuntu1.4",
"3.4.10-4ubuntu1.5",
"3.4.10-4ubuntu1.6",
"3.4.10-4ubuntu1.7",
"3.4.10-4ubuntu1.8",
"3.4.10-4ubuntu1.9",
"3.4.10-4ubuntu1.9+esm1",
"3.4.10-4ubuntu1.9+esm2"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2024-0553",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-12243",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-9820",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-14831",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-3833",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-5260",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-33846",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-42009",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:18.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "gnutls-bin",
"binary_version": "3.5.18-1ubuntu1.6+esm3"
},
{
"binary_name": "libgnutls-dane0",
"binary_version": "3.5.18-1ubuntu1.6+esm3"
},
{
"binary_name": "libgnutls-openssl27",
"binary_version": "3.5.18-1ubuntu1.6+esm3"
},
{
"binary_name": "libgnutls30",
"binary_version": "3.5.18-1ubuntu1.6+esm3"
},
{
"binary_name": "libgnutlsxx28",
"binary_version": "3.5.18-1ubuntu1.6+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "gnutls28",
"purl": "pkg:deb/ubuntu/gnutls28@3.5.18-1ubuntu1.6+esm3?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.5.18-1ubuntu1.6+esm3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.5.8-6ubuntu3",
"3.5.17-1ubuntu1",
"3.5.17-1ubuntu3",
"3.5.18-1ubuntu1",
"3.5.18-1ubuntu1.1",
"3.5.18-1ubuntu1.2",
"3.5.18-1ubuntu1.3",
"3.5.18-1ubuntu1.4",
"3.5.18-1ubuntu1.5",
"3.5.18-1ubuntu1.6",
"3.5.18-1ubuntu1.6+esm1",
"3.5.18-1ubuntu1.6+esm2"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2025-9820",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-14831",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-3833",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-5260",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-33845",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-33846",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-42009",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-42010",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:20.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "gnutls-bin",
"binary_version": "3.6.13-2ubuntu1.12+esm2"
},
{
"binary_name": "guile-gnutls",
"binary_version": "3.6.13-2ubuntu1.12+esm2"
},
{
"binary_name": "libgnutls-dane0",
"binary_version": "3.6.13-2ubuntu1.12+esm2"
},
{
"binary_name": "libgnutls-openssl27",
"binary_version": "3.6.13-2ubuntu1.12+esm2"
},
{
"binary_name": "libgnutls30",
"binary_version": "3.6.13-2ubuntu1.12+esm2"
},
{
"binary_name": "libgnutlsxx28",
"binary_version": "3.6.13-2ubuntu1.12+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "gnutls28",
"purl": "pkg:deb/ubuntu/gnutls28@3.6.13-2ubuntu1.12+esm2?arch=source\u0026distro=esm-infra/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.6.13-2ubuntu1.12+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.6.9-5ubuntu1",
"3.6.9-5ubuntu2",
"3.6.10-5",
"3.6.11.1-2",
"3.6.11.1-2ubuntu2",
"3.6.13-2ubuntu1",
"3.6.13-2ubuntu1.1",
"3.6.13-2ubuntu1.2",
"3.6.13-2ubuntu1.3",
"3.6.13-2ubuntu1.6",
"3.6.13-2ubuntu1.7",
"3.6.13-2ubuntu1.8",
"3.6.13-2ubuntu1.9",
"3.6.13-2ubuntu1.10",
"3.6.13-2ubuntu1.11",
"3.6.13-2ubuntu1.12",
"3.6.13-2ubuntu1.12+esm1"
]
}
],
"aliases": [],
"details": "It was discovered that GnuTLS had a timing side-channel when processing\nmalformed ciphertexts in RSA-PSK ClientKeyExchange. A remote attacker\ncould possibly use this issue to recover sensitive information. This\nissue only affected Ubuntu 18.04 LTS. (CVE-2024-0553)\n\nBing Shi discovered that GnuTLS incorrectly handled decoding certain\nDER-encoded certificates. A remote attacker could possibly use this\nissue to cause GnuTLS to consume resources, leading to a denial of\nservice. This issue only affected Ubuntu 18.04 LTS. (CVE-2024-12243)\n\nLuigino Camastra discovered that GnuTLS incorrectly handled certain\nPKCS11 token labels. A remote attacker could use this issue to cause\nGnuTLS to crash, resulting in a denial of service, or possibly execute\narbitrary code. The default compiler options for affected releases\nshould reduce the vulnerability to a denial of service. (CVE-2025-9820)\n\nTim Scheckenbach discovered that GnuTLS incorrectly handled malicious\ncertificates containing a large number of name constraints and subject\nalternative names. A remote attacker could possibly use this issue to\ncause GnuTLS to consume resources, resulting in a denial of service.\nThis issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.\n(CVE-2025-14831)\n\nOleh Konko and Joshua Rogers discovered that GnuTLS did not properly\nhandle case-insensitive name constraints in certain cases. A remote\nattacker could possibly use this issue to bypass certificate validation,\nleading to a machine-in-the-middle attack. (CVE-2026-3833)\n\nJoshua Rogers discovered that GnuTLS did not properly handle very short\npremaster secrets in certain RSA key exchange cases with PKCS#11-backed\nserver keys. A remote attacker could possibly use this issue to obtain\nsensitive information. This issue only affected Ubuntu 18.04 LTS and\nUbuntu 20.04 LTS. (CVE-2026-5260)\n\nJoshua Rogers discovered that GnuTLS did not properly handle malformed\nDTLS handshake fragments in certain cases. A remote attacker could\npossibly use this issue to obtain sensitive information, or cause a\ndenial of service. This issue only affected Ubuntu 20.04 LTS.\n(CVE-2026-33845)\n\nHaruto Kimura, Oscar Reparaz, and Zou Dikai discovered that GnuTLS did\nnot properly validate DTLS handshake fragment lengths in certain cases.\nA remote attacker could possibly use this issue to cause GnuTLS to\ncrash, resulting in a denial of service, or execute arbitrary code.\n(CVE-2026-33846)\n\nJoshua Rogers discovered that GnuTLS did not properly order DTLS packets\nwith duplicate sequence numbers in certain cases. A remote attacker\ncould possibly use this issue to cause GnuTLS to crash, resulting in a\ndenial of service. (CVE-2026-42009)\n\nJoshua Rogers discovered that GnuTLS did not properly handle usernames\ncontaining NUL characters in certain RSA-PSK configurations. A remote\nattacker could possibly use this issue to bypass authentication and gain\nunintended access to services. This issue only affected Ubuntu 20.04\nLTS. (CVE-2026-42010)",
"id": "USN-8502-1",
"modified": "2026-07-06T13:37:09Z",
"published": "2026-07-06T13:37:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8502-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-0553"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-12243"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-9820"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-14831"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-3833"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-5260"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-33845"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-33846"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-42009"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-42010"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "gnutls28 vulnerabilities",
"upstream": [
"UBUNTU-CVE-2024-0553",
"UBUNTU-CVE-2024-12243",
"UBUNTU-CVE-2025-9820",
"UBUNTU-CVE-2025-14831",
"UBUNTU-CVE-2026-3833",
"UBUNTU-CVE-2026-5260",
"UBUNTU-CVE-2026-33845",
"UBUNTU-CVE-2026-33846",
"UBUNTU-CVE-2026-42009",
"UBUNTU-CVE-2026-42010"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.