PatchSiren cyber security CVE debrief
CVE-2026-42009 Red Hat CVE debrief
A vulnerability in GnuTLS's Datagram Transport Layer Security (DTLS) implementation allows remote attackers to cause denial of service through malformed packet handling. The flaw exists in the comparator function responsible for ordering DTLS packets by sequence numbers, which fails to properly handle packets with duplicate sequence numbers. This can result in unstable packet ordering or undefined behavior. The vulnerability is network-exploitable with low attack complexity and no required privileges or user interaction. The CVSS 3.1 score of 7.5 reflects high availability impact. The weakness is categorized as CWE-475 (Undefined Behavior for Input to API).
- Vendor: Red Hat
- Product: Red Hat Hardened Images
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-18
- Original CVE updated: 2026-05-27
- Advisory published: 2026-05-18
- Advisory updated: 2026-05-27
Who should care
Organizations operating DTLS services using GnuTLS, including VPN gateways, real-time communications infrastructure, and IoT device management platforms. Security teams should prioritize patching due to the network-exploitable nature and high availability impact.
Technical summary
The vulnerability resides in GnuTLS's DTLS packet reordering logic. The comparator function that orders packets by sequence numbers does not correctly handle duplicate sequence numbers, leading to undefined behavior and potential denial of service. DTLS, used for datagram-based TLS communications, relies on proper sequence number handling for security and stability. The flaw is remotely exploitable without authentication.
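The debrief describes a comparator that orders DTLS records by sequence number and misbehaves on duplicates, which is the classic CWE-475 shape: a comparison callback that does not return a consistent three-way result for equal keys violates the contract a sort routine relies on, so the ordering (and, per the C standard, the program's behavior) is undefined. The following C model is an added illustration, not GnuTLS code and not the actual vulnerable function; the record layout, the sample sequence numbers and both comparators are constructed. It places a defective comparator that never returns 0 beside a correct one, and includes a small contract checker (reflexivity and antisymmetry over a sample) that a reviewer or unit test can run on any comparator before it is handed to qsort().

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed record: a buffered datagram record keyed by its sequence
 * number (epoch ignored). Teaching model only, not GnuTLS's structure. */
typedef struct {
    uint64_t seq;   /* DTLS record sequence number */
    int      tag;   /* arrival order, kept so instability is visible */
} rec_t;

/* Defective comparator (hypothetical): it never returns 0, so two records
 * with the same sequence number compare as "less" in both directions.
 * That breaks the total-order contract qsort() requires, which is
 * undefined behavior (CWE-475) and in practice yields unstable ordering. */
int cmp_seq_defective(const void *pa, const void *pb)
{
    const rec_t *a = pa, *b = pb;
    return a->seq < b->seq ? -1 : 1;
}

/* Hardened comparator: consistent three-way result, 0 on equal keys.
 * Comparisons rather than subtraction, so 64-bit unsigned values cannot
 * wrap into a wrong sign. */
int cmp_seq_safe(const void *pa, const void *pb)
{
    const rec_t *a = pa, *b = pb;
    if (a->seq < b->seq) return -1;
    if (a->seq > b->seq) return 1;
    return 0;
}

static int sign(int v) { return (v > 0) - (v < 0); }

/* Contract check over a sample: for every record x, cmp(x,x) == 0, and for
 * every pair (x,y), sign(cmp(x,y)) == -sign(cmp(y,x)). Returns 1 when the
 * comparator is consistent on the sample, 0 when it is not. */
int comparator_is_consistent(int (*cmp)(const void *, const void *),
                             const rec_t *recs, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (cmp(&recs[i], &recs[i]) != 0)
            return 0;
        for (size_t j = 0; j < n; j++)
            if (sign(cmp(&recs[i], &recs[j])) != -sign(cmp(&recs[j], &recs[i])))
                return 0;
    }
    return 1;
}

/* Sort a copy of the sample with the safe comparator and return 1 if the
 * result is non-decreasing in seq, 0 otherwise (or on allocation failure).
 * The defective comparator is deliberately never passed to qsort() here,
 * because doing so is undefined behavior. */
int safe_sort_is_ordered(const rec_t *recs, size_t n)
{
    rec_t *copy = malloc(n * sizeof *copy);
    if (!copy) return 0;
    memcpy(copy, recs, n * sizeof *copy);
    qsort(copy, n, sizeof *copy, cmp_seq_safe);
    int ok = 1;
    for (size_t i = 1; i < n; i++)
        if (copy[i - 1].seq > copy[i].seq) { ok = 0; break; }
    free(copy);
    return ok;
}

/* Constructed sample: retransmitted records share sequence numbers 3 and 7. */
const rec_t sample[] = {
    {9, 0}, {7, 1}, {3, 2}, {7, 3}, {7, 4}, {12, 5}, {3, 6}
};
const size_t sample_n = sizeof sample / sizeof sample[0];

int main(void)
{
    printf("defective comparator consistent on sample: %d\n",
           comparator_is_consistent(cmp_seq_defective, sample, sample_n));
    printf("safe comparator consistent on sample:      %d\n",
           comparator_is_consistent(cmp_seq_safe, sample, sample_n));
    printf("safe sort ordered:                         %d\n",
           safe_sort_is_ordered(sample, sample_n));
    return 0;
}
```

The contract checker is the reusable part: any comparator that feeds qsort(), bsearch() or a hand-written sort can be run through it with inputs that include duplicate keys, and a comparator that fails it should be treated as a bug regardless of whether the sort happens to look right on a particular platform.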
Defensive priority
HIGH
Recommended defensive actions
- Apply GnuTLS security updates when available from distribution maintainers
- Monitor Red Hat Bugzilla 2467279 for patch status
- Review DTLS-enabled services for exposure to untrusted networks
- Consider temporary network segmentation for critical DTLS endpoints pending patch
- Enable logging for DTLS connection anomalies to detect potential exploitation attempts
Evidence notes
Vulnerability description sourced from the NVD record, with references to Red Hat Security and Bugzilla. The CVSS vector confirms a network attack vector with high availability impact. Vendor attribution to GnuTLS is based on the description text; the vendor field is marked for review because the canonical source is low-confidence.
Official resources
2026-05-18