Description
A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.
Published: 2026-05-07
Score: 7.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw lies in GnuTLS’s handling of RSA‑PSK authentication. When a client supplies a username that contains a NUL byte, the server truncates the string at the NUL and incorrectly matches the truncated value. A remote attacker can send a specially crafted username that contains a NUL character, causing the server to authenticate the attacker as if the username matched an existing account. This flaw enables attackers to bypass authentication entirely, potentially gaining unauthorized system access and compromising confidentiality, integrity, and availability of protected resources.
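As an added illustration, not GnuTLS's code and not part of this record, the following shows the CWE-626 pattern the description points at (a length-delimited PSK identity handed to a NUL-terminated string comparison, so everything after the NUL is silently dropped) beside a length-aware lookup that rejects embedded NUL bytes, which is the filtering the remediation section recommends. The credential store, entries and function names are constructed for this example.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed PSK credential store for this example (not GnuTLS's data model). */
struct psk_entry {
    const char *username;
    size_t username_len;
};

static const struct psk_entry DB[] = {
    { "alice", 5 },
    { "bob",   3 },
};
#define DB_LEN (sizeof DB / sizeof DB[0])

/* Truncating pattern (CWE-626): the identity arrives with an explicit length,
 * but strcmp() stops at the first NUL byte, so "alice\0..." matches "alice". */
int lookup_truncating(const unsigned char *name, size_t len)
{
    (void)len;                       /* declared length ignored: the defect */
    for (size_t i = 0; i < DB_LEN; i++)
        if (strcmp((const char *)name, DB[i].username) == 0)
            return 1;
    return 0;
}

/* Length-aware lookup: reject embedded NUL bytes up front, then compare the
 * whole declared length with memcmp(), so no suffix is ever silently dropped. */
int lookup_length_aware(const unsigned char *name, size_t len)
{
    if (memchr(name, '\0', len) != NULL)
        return 0;                    /* NUL is not a valid identity byte */
    for (size_t i = 0; i < DB_LEN; i++)
        if (len == DB[i].username_len && memcmp(name, DB[i].username, len) == 0)
            return 1;
    return 0;
}

int main(void)
{
    /* Constructed identity: a known username followed by NUL and extra bytes. */
    const unsigned char crafted[] = { 'a', 'l', 'i', 'c', 'e', '\0', 'x', 'y' };
    printf("truncating lookup accepts: %d\n", lookup_truncating(crafted, sizeof crafted));
    printf("length-aware lookup accepts: %d\n", lookup_length_aware(crafted, sizeof crafted));
    return 0;
}
```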

Affected Systems

Affected systems include the Red Hat distributions that ship the vulnerable GnuTLS version: Red Hat Enterprise Linux 6, 7, 8, 9, and 10, as well as Red Hat Hardened Images and Red Hat OpenShift Container Platform 4. The flaw is in the GnuTLS library itself and therefore affects every service on these platforms that relies on RSA‑PSK authentication.

Risk and Exploitability

The vulnerability carries a CVSS base score of 7.1, indicating a high severity. EPSS is not available, and the issue is not listed in the CISA KEV catalog, so quantitative data on current exploitation probability is lacking. However, because it allows remote authentication bypass without any privileged state or local code execution, the theoretical risk remains substantial. Based on the description, it is inferred that the attack can be carried out over the network by an attacker who can initiate a TLS session and supply a crafted username; the necessary conditions are minimal, requiring only network access to an RSA‑PSK‑configured service.

Generated by OpenCVE AI on May 7, 2026 at 17:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official Red Hat update that patches the GnuTLS RSA‑PSK username handling flaw on all affected Red Hat platforms.
  • If an immediate update is not possible, temporarily disable RSA‑PSK authentication or enforce strict username filtering to reject usernames containing NUL bytes.
  • In OpenShift Container Platform environments, upgrade to the latest Red Hat Hardened Image or the most recent OpenShift release that includes the patched GnuTLS library.

Advisories

No advisories yet.

History

Thu, 07 May 2026 21:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Redhat hardened Images; Redhat openshift Container Platform
Vendors & Products | | Redhat hardened Images; Redhat openshift Container Platform

Thu, 07 May 2026 15:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-287

Thu, 07 May 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-287

Thu, 07 May 2026 14:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-626
Metrics | | ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 07 May 2026 12:15:00 +0000

Type | Values Removed | Values Added
Description | | A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.
Title | | Gnutls: gnutls: authentication bypass via nul character in username
First Time appeared | | Redhat; Redhat enterprise Linux; Redhat hummingbird; Redhat openshift
CPEs | | cpe:/a:redhat:hummingbird:1; cpe:/a:redhat:openshift:4; cpe:/o:redhat:enterprise_linux:10; cpe:/o:redhat:enterprise_linux:6; cpe:/o:redhat:enterprise_linux:7; cpe:/o:redhat:enterprise_linux:8; cpe:/o:redhat:enterprise_linux:9
Vendors & Products | | Redhat; Redhat enterprise Linux; Redhat hummingbird; Redhat openshift
References | |
Metrics | | cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-05-07T13:47:17.179Z

Reserved: 2026-04-23T11:23:46.517Z

Link: CVE-2026-42010

Vulnrichment

Updated: 2026-05-07T13:46:44.564Z

NVD

Status : Awaiting Analysis

Published: 2026-05-07T12:16:17.977

Modified: 2026-05-07T15:16:09.640

Link: CVE-2026-42010

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-07T21:24:51Z

Weaknesses