PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-42010 Red Hat CVE debrief

A vulnerability in GnuTLS allows authentication bypass in RSA-PSK configurations due to improper NUL character handling in username comparison. When servers use RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) authentication, usernames containing embedded NUL bytes are incorrectly matched against truncated versions of themselves. A remote attacker can exploit this by crafting a username with embedded NUL characters to bypass authentication and gain unauthorized access. The vulnerability affects GnuTLS implementations across multiple Red Hat Enterprise Linux versions (6.0 through 10.0), OpenShift Container Platform 4.0, and Red Hat Hardened Images. The issue was published on May 7, 2026, with modifications on May 27, 2026. Red Hat has issued security advisories RHSA-2026:13274 and RHSA-2026:20611 addressing this flaw.

Vendor
Red Hat
Product
Red Hat Enterprise Linux 8
CVSS
HIGH 7.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-07
Original CVE updated
2026-05-27
Advisory published
2026-05-07
Advisory updated
2026-05-27

Who should care

Organizations running GnuTLS with RSA-PSK authentication, particularly those using Red Hat Enterprise Linux 6-10, OpenShift Container Platform 4.0, or Red Hat Hardened Images. Security teams responsible for TLS/SSL infrastructure and authentication systems. Developers implementing custom authentication using GnuTLS libraries.

Technical summary

The vulnerability exists in GnuTLS servers configured with RSA-PSK authentication. The username comparison logic fails to properly handle NUL (0x00) characters, causing strings with embedded NUL bytes to match truncated versions of themselves. For example, a username 'admin' followed by NUL bytes may be incorrectly matched against just 'admin'. This allows an attacker to craft a malicious username that authenticates as a different, potentially privileged user. The flaw is classified as CWE-626 (Null Byte Interaction Error). The attack requires network access to the service and valid credentials for some user account (low privileges), but no user interaction. Successful exploitation yields high confidentiality impact and low integrity impact.
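The following C snippet is an added illustration of the bug class described above (CWE-626), not GnuTLS's own code: a hypothetical PSK credential table is looked up once with a NUL-terminated comparison, which stops at the first 0x00, and once with a length-aware comparison that treats the identity as the raw byte string it is on the wire. The table, names and functions are constructed for this example.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical credential table (constructed for this example; not a GnuTLS
 * structure). Each name carries an explicit length because a PSK identity is
 * a length-prefixed byte string on the wire and may legally contain 0x00. */
struct psk_entry {
    const char *name;
    size_t name_len;
};

static const struct psk_entry table[] = {
    { "admin", 5 },
    { "guest", 5 },
};

/* Vulnerable pattern (CWE-626): strcmp() stops at the first NUL byte, so the
 * 9-byte identity "admin\0xyz" compares equal to the stored name "admin". */
static int lookup_strcmp(const char *user, size_t user_len) {
    (void)user_len;  /* the received length is ignored: this is the defect */
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (strcmp(user, table[i].name) == 0)
            return (int)i;
    return -1;
}

/* Hardened pattern: require identical length, then compare every byte with
 * memcmp(), so embedded NUL bytes can no longer truncate the comparison. */
static int lookup_memcmp(const char *user, size_t user_len) {
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (user_len == table[i].name_len &&
            memcmp(user, table[i].name, user_len) == 0)
            return (int)i;
    return -1;
}

int main(void) {
    /* Constructed identity with an embedded NUL, as a PSK identity field
     * could carry it; sizeof includes the C string terminator, hence -1. */
    static const char crafted[] = "admin\0xyz";
    size_t crafted_len = sizeof crafted - 1;  /* 9 bytes */
    printf("strcmp lookup: %d (matches the 'admin' entry: bug)\n",
           lookup_strcmp(crafted, crafted_len));
    printf("memcmp lookup: %d (no match: correct)\n",
           lookup_memcmp(crafted, crafted_len));
    return 0;
}
```

The same length-then-memcmp check is what to look for when auditing custom applications that compare RSA-PSK usernames, as the defensive actions below recommend.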

Defensive priority

HIGH

Recommended defensive actions

  • Apply Red Hat security advisories RHSA-2026:13274 and RHSA-2026:20611 to affected systems
  • Review GnuTLS configurations using RSA-PSK authentication for exposure
  • Implement network segmentation to limit access to services using RSA-PSK authentication
  • Monitor authentication logs for anomalous username patterns containing unexpected characters
  • Validate username input handling in custom applications using GnuTLS RSA-PSK
  • Consider disabling RSA-PSK authentication if not required until patches are applied

Evidence notes

Vulnerability description sourced from the NVD record. Affected products identified via CPE criteria in NVD data: GnuTLS, RHEL 6.0-10.0, OpenShift Container Platform 4.0, Red Hat Hardened Images. Red Hat security advisories RHSA-2026:13274 and RHSA-2026:20611 published. Bugzilla tracking issue 2467289 opened. CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N. Weakness classified as CWE-626 (Null Byte Interaction Error).

Official resources

2026-05-07