CVE-2026-42010

ADVISORY - nist

Summary

A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.

EPSS Score⁠: 0.00125 (0.313)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-626⁠

Null Byte Interaction Error (Poison Null Byte)

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.