CVE-2026-10028 Red Hat CVE debrief

Who should care

Organizations running applications that use glib-networking for TLS certificate verification, particularly those with GnuTLS backend enabled and exposed to untrusted certificate sources. System administrators maintaining glib-networking packages should prioritize monitoring for patches.

Technical summary

The vulnerability exists in the certificate verification logic when using glib-networking with the GnuTLS backend. A malicious certificate chain with circular issuer references causes unbounded traversal during verification, consuming CPU resources indefinitely. The CVSS 3.1 score of 4.3 (Medium) reflects network attack vector, low attack complexity, no privilege requirements, but required user interaction (the victim application must process the crafted certificate). No confidentiality or integrity impact; availability impact is rated low.

Defensive priority

medium

Recommended defensive actions

• Update glib-networking packages when vendor patches become available
• Monitor GNOME glib-networking work item 231 for upstream fix status
• Review applications using glib-networking with GnuTLS backend for certificate verification workflows
• Implement certificate chain validation limits as a defense-in-depth measure where feasible
• Monitor Red Hat Bugzilla 2465152 for vendor-specific advisory and patch information

Evidence notes

Vulnerability description sourced from NVD record with CVSS 3.1 vector AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L. Vendor attribution to Red Hat based on reference domain analysis with low confidence; requires review. GNOME glib-networking project work item 231 identified as upstream tracking location.

Official resources