A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure.
History

Tue, 30 Jun 2026 03:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_aus:8.4::appstream
cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
cpe:/o:redhat:rhel_aus:8.4::baseos
cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
References

Mon, 29 Jun 2026 12:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_e4s:9.4::appstream
cpe:/o:redhat:rhel_e4s:9.4::baseos
References

Mon, 29 Jun 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Eus Long Life
Redhat rhel Tus
CPEs cpe:/a:redhat:rhel_aus:8.6::appstream
cpe:/a:redhat:rhel_e4s:8.8::appstream
cpe:/a:redhat:rhel_eus_long_life:8.6::appstream
cpe:/a:redhat:rhel_tus:8.8::appstream
cpe:/o:redhat:rhel_aus:8.6::baseos
cpe:/o:redhat:rhel_e4s:8.8::baseos
cpe:/o:redhat:rhel_eus_long_life:8.6::baseos
cpe:/o:redhat:rhel_tus:8.8::baseos
Vendors & Products Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Eus Long Life
Redhat rhel Tus
References

Fri, 26 Jun 2026 07:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_eus:9.6::appstream
cpe:/o:redhat:rhel_eus:9.6::baseos
Vendors & Products Redhat rhel Eus
References

Thu, 25 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-126
References

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat discovery
CPEs cpe:/a:redhat:discovery:2::el9
Vendors & Products Redhat discovery
References

Tue, 16 Jun 2026 22:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat enterprise Linux Eus
Redhat rhui
CPEs cpe:/a:redhat:rhui:5::el9
cpe:/o:redhat:enterprise_linux_eus:10.0
Vendors & Products Redhat enterprise Linux Eus
Redhat rhui
References

Tue, 02 Jun 2026 15:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:9 cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/o:redhat:enterprise_linux:9::baseos
References

Mon, 01 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:10.2
References

Wed, 27 May 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 27 May 2026 10:30:00 +0000

Type Values Removed Values Added
First Time appeared Gnu
Gnu gnutls
Redhat hardened Images
Redhat openshift Container Platform
Vendors & Products Gnu
Gnu gnutls
Redhat hardened Images
Redhat openshift Container Platform

Wed, 27 May 2026 03:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/o:redhat:enterprise_linux:8::baseos
References

Tue, 26 May 2026 21:45:00 +0000

Type Values Removed Values Added
Description A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure.
Title Gnutls: gnutls: information disclosure via heap overread in rsa key exchange
First Time appeared Redhat
Redhat enterprise Linux
Redhat hummingbird
Redhat openshift
Weaknesses CWE-1284
CPEs cpe:/a:redhat:hummingbird:1
cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat hummingbird
Redhat openshift
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-07-09T06:25:04.865Z

Reserved: 2026-03-31T16:25:06.721Z

Link: CVE-2026-5260

cve-icon Vulnrichment

Updated: 2026-05-27T13:37:05.687Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-26T22:16:44.170

Modified: 2026-06-17T13:20:52.260

Link: CVE-2026-5260

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T01:00:06Z