Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-5260

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-26 May, 2026 | 21:29
Updated At-24 Jun, 2026 | 16:33
Rejected At-
Credits

Gnutls: gnutls: information disclosure via heap overread in rsa key exchange

A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:26 May, 2026 | 21:29
Updated At:24 Jun, 2026 | 16:33
Rejected At:
â–¼CVE Numbering Authority (CNA)
Gnutls: gnutls: information disclosure via heap overread in rsa key exchange

A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure.

Affected Products
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 10
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
gnutls
CPEs
  • cpe:/o:redhat:enterprise_linux:10.2
Default Status
affected
Versions
Unaffected
  • From 0:3.8.10-4.el10_2 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 10.0 Extended Update Support
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
gnutls
CPEs
  • cpe:/o:redhat:enterprise_linux_eus:10.0
Default Status
affected
Versions
Unaffected
  • From 0:3.8.9-9.el10_0.19 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
gnutls
CPEs
  • cpe:/a:redhat:enterprise_linux:8::appstream
  • cpe:/o:redhat:enterprise_linux:8::baseos
Default Status
affected
Versions
Unaffected
  • From 0:3.6.16-8.el8_10.6 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
gnutls
CPEs
  • cpe:/a:redhat:enterprise_linux:8::appstream
  • cpe:/o:redhat:enterprise_linux:8::baseos
Default Status
affected
Versions
Unaffected
  • From 0:3.6.16-8.el8_10.6 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
gnutls
CPEs
  • cpe:/a:redhat:enterprise_linux:9::appstream
  • cpe:/o:redhat:enterprise_linux:9::baseos
Default Status
affected
Versions
Unaffected
  • From 0:3.8.10-4.el9_8 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
gnutls
CPEs
  • cpe:/a:redhat:enterprise_linux:9::appstream
  • cpe:/o:redhat:enterprise_linux:9::baseos
Default Status
affected
Versions
Unaffected
  • From 0:3.8.10-4.el9_8 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Discovery 2
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
discovery/discovery-server-rhel9
CPEs
  • cpe:/a:redhat:discovery:2::el9
Default Status
affected
Versions
Unaffected
  • From 1782159791 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Discovery 2
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
discovery/discovery-ui-rhel9
CPEs
  • cpe:/a:redhat:discovery:2::el9
Default Status
affected
Versions
Unaffected
  • From 1782166952 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Update Infrastructure 5
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
rhui5/cds-rhel9
CPEs
  • cpe:/a:redhat:rhui:5::el9
Default Status
affected
Versions
Unaffected
  • From 1781525684 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Update Infrastructure 5
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
rhui5/haproxy-rhel9
CPEs
  • cpe:/a:redhat:rhui:5::el9
Default Status
affected
Versions
Unaffected
  • From 1781525671 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Update Infrastructure 5
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
rhui5/installer-rhel9
CPEs
  • cpe:/a:redhat:rhui:5::el9
Default Status
affected
Versions
Unaffected
  • From 1781525693 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Update Infrastructure 5
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
rhui5/rhua-rhel9
CPEs
  • cpe:/a:redhat:rhui:5::el9
Default Status
affected
Versions
Unaffected
  • From 1781525739 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
gnutls
CPEs
  • cpe:/o:redhat:enterprise_linux:6
Default Status
unknown
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 7
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
gnutls
CPEs
  • cpe:/o:redhat:enterprise_linux:7
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Hardened Images
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
gnutls
CPEs
  • cpe:/a:redhat:hummingbird:1
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhcos
CPEs
  • cpe:/a:redhat:openshift:4
Default Status
affected
Problem Types
TypeCWE IDDescription
CWECWE-1284Improper Validation of Specified Quantity in Input
Type: CWE
CWE ID: CWE-1284
Description: Improper Validation of Specified Quantity in Input
Metrics
VersionBase scoreBase severityVector
3.18.2HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Version: 3.1
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Metrics Other Info
Red Hat severity rating
value:
Moderate
namespace:
https://access.redhat.com/security/updates/classification/
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Red Hat would like to thank Joshua Rogers (AISLE Research Team) for reporting this issue.
Timeline
EventDate
Reported to Red Hat.2026-05-06 19:50:31
Made public.2026-04-29 00:00:00
Event: Reported to Red Hat.
Date: 2026-05-06 19:50:31
Event: Made public.
Date: 2026-04-29 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://access.redhat.com/errata/RHSA-2026:20611
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20612
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20613
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:26319
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:26409
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:29197
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2026-5260
vdb-entry
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2467450
issue-tracking
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:20611
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:20612
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:20613
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:26319
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:26409
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:29197
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-5260
Resource:
vdb-entry
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2467450
Resource:
issue-tracking
x_refsource_REDHAT
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:26 May, 2026 | 22:16
Updated At:24 Jun, 2026 | 17:17

A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.2HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
N/A
Type: Secondary
Version: 3.1
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-1284Secondarysecalert@redhat.com
CWE ID: CWE-1284
Type: Secondary
Source: secalert@redhat.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://access.redhat.com/errata/RHSA-2026:20611secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2026:20612secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2026:20613secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2026:26319secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2026:26409secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2026:29197secalert@redhat.com
N/A
https://access.redhat.com/security/cve/CVE-2026-5260secalert@redhat.com
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=2467450secalert@redhat.com
N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:20611
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:20612
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:20613
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:26319
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:26409
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:29197
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-5260
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2467450
Source: secalert@redhat.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

7Records found
CVE-2026-35091
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.2||HIGH
EPSS-0.87% / 54.03%
||
7 Day CHG~0.00%
Published-01 Apr, 2026 | 13:18
Updated-29 May, 2026 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Corosync: corosync: denial of service and information disclosure via crafted udp packet

A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service (DoS) and potentially disclosing limited memory contents

Action-Not Available
Vendor-corosyncRed Hat, Inc.
Product-enterprise_linuxopenshiftcorosyncRed Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat OpenShift Container Platform 4Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 10Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
CWE ID-CWE-253
Incorrect Check of Function Return Value
CVE-2026-9704
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.30% / 21.52%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 12:56
Updated-10 Jun, 2026 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak: keycloak: privilege escalation due to oversized subject_token jwt

A flaw was found in Keycloak. An authenticated user with low privileges can exploit this vulnerability by sending an oversized subject_token JSON Web Token (JWT) to the TokenEndpoint. When the token exceeds a 4000-character limit, it is silently dropped, causing the system to fall back to client credentials. This allows the user to gain the permissions of the client's service account, leading to privilege escalation.

Action-Not Available
Vendor-Red Hat, Inc.
Product-build_of_keycloakRed Hat build of Keycloak 26.6Red Hat build of Keycloak 26.6.3
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2026-9801
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.44% / 35.20%
||
7 Day CHG~0.00%
Published-28 May, 2026 | 04:42
Updated-10 Jun, 2026 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak: keycloak: denial of service via malformed ldap password policy response

A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol (LDAP) server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a malformed LDAP password policy response during a password authentication request, the attacker can trigger an OutOfMemoryError. This causes the Keycloak Java Virtual Machine (JVM) to terminate, leading to a denial of service (DoS) for all realms on the affected node.

Action-Not Available
Vendor-Red Hat, Inc.
Product-build_of_keycloakRed Hat build of Keycloak 26.6Red Hat build of Keycloak 26.6.3
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2026-42013
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-8.2||HIGH
EPSS-0.29% / 20.30%
||
7 Day CHG-0.11%
Published-26 May, 2026 | 21:29
Updated-24 Jun, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gnutls: gnutls: certificate validation bypass due to oversized subject alternative name

A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This could allow a remote attacker to bypass proper certificate validation, potentially leading to spoofing or man-in-the-middle attacks.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Update Infrastructure 5Red Hat OpenShift Container Platform 4Red Hat Discovery 2Red Hat Enterprise Linux 7Red Hat Hardened ImagesRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 6
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2013-0270
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-3.01% / 85.67%
||
7 Day CHG~0.00%
Published-12 Apr, 2013 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keystone: openstack keystone: denial of service via large http request with long tenant name

A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources on the affected system.

Action-Not Available
Vendor-OpenStackRed Hat, Inc.
Product-keystoneRed Hat OpenStack Platform 18.0Red Hat OpenStack Platform 13 (Queens)Red Hat OpenStack Platform 16.2Red Hat OpenStack Platform 17.1
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2025-11568
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.09% / 0.73%
||
7 Day CHG~0.00%
Published-15 Oct, 2025 | 19:37
Updated-25 Jun, 2026 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Luksmeta: data corruption when handling luks1 partitions with luksmeta

A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The utility fails to correctly validate the available space, causing the metadata to overwrite and corrupt the user's encrypted data. This action leads to a permanent loss of the stored information. Devices using the LUKS formats other than LUKS1 are not affected by this issue.

Action-Not Available
Vendor-LatchsetRed Hat, Inc.
Product-Red Hat OpenShift Container Platform 4luksmetaRed Hat Enterprise Linux 7Red Hat In-Vehicle Operating System 1Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2021-31346
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-8.2||HIGH
EPSS-1.90% / 77.03%
||
7 Day CHG~0.00%
Published-09 Nov, 2021 | 11:31
Updated-11 Mar, 2025 | 09:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0). The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)

Action-Not Available
Vendor-Siemens AG
Product-nucleus_readystart_v3talon_tc_compactnucleus_nettalon_tc_compact_firmwareapogee_pxc_compactapogee_modular_equiment_controller_firmwareapogee_pxc_compact_firmwareapogee_modular_equiment_controllerapogee_modular_building_controllercapital_vstarapogee_pxc_modular_firmwareapogee_pxc_modularnucleus_readystart_v4talon_tc_modular_firmwaretalon_tc_modularapogee_modular_building_controller_firmwarenucleus_source_codePLUSCONTROL 1st GenSIMOTICS CONNECT 400Capital Embedded AR Classic 431-422Capital Embedded AR Classic R20-11
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
Details not found