Copyright © 2012 Red Hat, Inc. All rights reserved. Important 2026-04-29T00:00:00 gnutls: gnutls: Authentication Bypass via NUL Character in Username 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.

Red Hat would like to thank Joshua Rogers (AISLE Research Team) for reporting this issue. Red Hat Enterprise Linux 10 Affected gnutls Red Hat Enterprise Linux 6 Affected gnutls Red Hat Enterprise Linux 7 Affected gnutls Red Hat Enterprise Linux 8 Affected gnutls Red Hat Enterprise Linux 9 Affected gnutls Red Hat Hardened Images Affected gnutls Red Hat OpenShift Container Platform 4 Affected rhcos https://www.cve.org/CVERecord?id=CVE-2026-42010 https://nvd.nist.gov/vuln/detail/CVE-2026-42010