CVE-2026-5419

LOW EPSS 28.8%

Published Jun 1, 20264w ago · Modified Jun 17, 20261w ago

3.7 CVSS 3.1

Low

Published Jun 1, 2026 4w ago

Last Modified Jun 17, 2026 1w ago

Description

A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of information disclosure.

CVSS Details

Base Score

3.7

Exploitability

2.2

Impact

1.4

Vector string

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector Network

Attack Complexity High

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality Low

Integrity None

Availability None

Threat Intelligence

EPSS Exploit Probability

28.8% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-208

References 6

access.redhat.com https://access.redhat.com/errata/RHSA-2026:20612
access.redhat.com https://access.redhat.com/errata/RHSA-2026:20613
access.redhat.com https://access.redhat.com/errata/RHSA-2026:26319
access.redhat.com https://access.redhat.com/errata/RHSA-2026:26409
access.redhat.com https://access.redhat.com/security/cve/CVE-2026-5419
bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2467686

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.