GnuTLS RSA-PSK Username NUL Authentication Bypass
CVE-2026-42010 Published on May 7, 2026

gnutls: authentication bypass via NUL character in username
A flaw was found in GnuTLS. Servers configured with RSA-PSK (Rivest-Shamir-Adleman pre-shared key) authentication wrongly matched a client-supplied username containing a NUL character against the stored username equal to its prefix, that is, the name was effectively truncated at the NUL before comparison. A remote attacker could exploit this by sending a specially crafted username and so bypass authentication, gaining unauthorized access to a service that should have rejected the identity.

References: Vendor Advisory, NVD

Vulnerability Analysis

CVE-2026-42010 is exploitable over the network, requires only low privileges, and needs no user interaction. Attack complexity is considered low. A successful exploit is rated as having a high impact on confidentiality, a low impact on integrity, and no impact on availability.

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: LOW
Availability Impact: NONE

Timeline

Reported to Red Hat.

Made public.

Weakness Type

What is a Poison Null Byte Vulnerability?

The product does not properly handle null bytes or NUL characters when passing data between different representations or components.

CVE-2026-42010 has been classified as a Poison Null Byte weakness (CWE-626, Null Byte Interaction Error): a length-delimited field from the wire is consumed by code that treats the first NUL byte as the end of the string.
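The description above (a username carrying an embedded NUL matching the stored username that is its prefix) is an instance of exactly this CWE-626 pattern: the username arrives as a (pointer, length) pair, but the lookup compares it with C-string semantics. The following is an added example, not GnuTLS source code; the psk_entry table, lookup_vulnerable() and lookup_fixed() are hypothetical stand-ins for a server-side PSK username lookup, and the identities CRAFTED and HONEST are constructed test input.

```c
/*
 * Added example (not GnuTLS code): a length-delimited PSK username
 * compared with C-string semantics collides with a shorter stored name
 * when it contains an embedded NUL; a length-aware comparison does not.
 * All names and data here are hypothetical.
 */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical server-side credential record. */
struct psk_entry {
    const char *username;        /* stored as a C string */
    const unsigned char *key;
    size_t key_len;
};

static const unsigned char KEY_ALICE[] = {0x01, 0x02, 0x03, 0x04};
static const unsigned char KEY_BOB[]   = {0x05, 0x06, 0x07, 0x08};

static const struct psk_entry CREDS[] = {
    { "alice", KEY_ALICE, sizeof KEY_ALICE },
    { "bob",   KEY_BOB,   sizeof KEY_BOB },
};
#define NCREDS (sizeof CREDS / sizeof CREDS[0])

/* Constructed wire identities. CRAFTED is "alice", a NUL, then 4 more bytes:
 * 10 bytes on the wire. The extra terminating NUL from the literal is only
 * there so strcmp() in the vulnerable path stays inside the buffer. */
static const unsigned char CRAFTED[] = "alice\0xyzw";
#define CRAFTED_LEN (sizeof CRAFTED - 1)   /* 10 */
static const unsigned char HONEST[] = "alice";
#define HONEST_LEN (sizeof HONEST - 1)     /*  5 */

/*
 * Vulnerable pattern: the wire length is ignored and strcmp() stops at the
 * first NUL, so the 10-byte identity "alice\0xyzw" is accepted as "alice".
 * Returns the index of the matching entry, or -1.
 */
int lookup_vulnerable(const unsigned char *user, size_t user_len)
{
    (void)user_len;                      /* the bug: length never consulted */
    for (size_t i = 0; i < NCREDS; i++)
        if (strcmp((const char *)user, CREDS[i].username) == 0)
            return (int)i;
    return -1;
}

/*
 * Fixed pattern: require the stored length to equal the wire length and
 * compare every byte with memcmp(). Identities that embed a NUL are also
 * rejected outright, since later C-string consumers (logs, database keys)
 * would otherwise see a truncated name. Usernames are not secrets, so a
 * non-constant-time memcmp() is acceptable here; keys would need better.
 */
int lookup_fixed(const unsigned char *user, size_t user_len)
{
    if (memchr(user, '\0', user_len) != NULL)
        return -1;
    for (size_t i = 0; i < NCREDS; i++) {
        size_t stored_len = strlen(CREDS[i].username);
        if (stored_len == user_len &&
            memcmp(user, CREDS[i].username, user_len) == 0)
            return (int)i;
    }
    return -1;
}

int main(void)
{
    printf("vulnerable: crafted -> %d, honest -> %d\n",
           lookup_vulnerable(CRAFTED, CRAFTED_LEN),
           lookup_vulnerable(HONEST, HONEST_LEN));
    printf("fixed:      crafted -> %d, honest -> %d\n",
           lookup_fixed(CRAFTED, CRAFTED_LEN),
           lookup_fixed(HONEST, HONEST_LEN));
    return 0;
}
```

The vulnerable lookup returns entry 0 ("alice") for both identities, so whatever key the attacker presents is then checked against alice's key material rather than being rejected for an unknown user; the fixed lookup only accepts the exact 5-byte "alice". When auditing a PSK or username-handling path, grep for strcmp/strlen/strcpy applied to buffers that were received with an explicit length.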


Products Associated with CVE-2026-42010

Affected Versions

Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 9
Red Hat Enterprise Linux 10
Red Hat Hardened Images
Red Hat OpenShift Container Platform 4