Glib-Networking GnuTLS Cert Verification Infinite Loop DoS
CVE-2026-10028 Published on May 28, 2026
Glib-networking: infinite loop in glib-networking gnutls backend allows remote denial of service via circular certificate chain
A flaw was found in glib-networking. A remote attacker can exploit this vulnerability by presenting a specially crafted certificate chain to an application that uses glib-networking with the GnuTLS backend enabled and performs certificate verification. This crafted chain, which contains circular issuer relationships, can cause an infinite loop during certificate verification. The unbounded traversal consumes excessive CPU resources, leading to a denial of service for the affected process or worker.
Vulnerability Analysis
CVE-2026-10028 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a small impact on availability.
Timeline
Reported to Red Hat.
Made public. 24 days later.
Weakness Type
What is an Infinite Loop Vulnerability?
The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop. If the loop can be influenced by an attacker, this weakness could allow attackers to consume excessive resources such as CPU or memory.
CVE-2026-10028 has been classified to as an Infinite Loop vulnerability or weakness.
Products Associated with CVE-2026-10028
Want to know whenever a new CVE is published for Red Hat Enterprise Linux (RHEL)? stack.watch will email you.
