CVE-2026-42010: GnuTLS RSA-PSK NUL Byte Authentication Bypass
The National Vulnerability Database has detailed CVE-2026-42010, a critical flaw in GnuTLS. This vulnerability specifically impacts servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) authentication. The core issue lies in how these servers handle usernames containing a NUL character, causing them to incorrectly match them with truncated usernames. This isn’t a theoretical issue; it’s a direct authentication bypass.
An attacker can exploit this by crafting a specific username, tricking the server into granting unauthorized access. The CVSSv3.1 score of 7.1 (High) with an AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N vector indicates a network-exploitable flaw requiring low privileges to achieve high confidentiality impact and low integrity impact, with no availability impact. This is a severe problem for any organization relying on GnuTLS with RSA-PSK.
For defenders, this means a remote attacker can circumvent authentication entirely. The attacker’s calculus is simple: find a target running GnuTLS with RSA-PSK, craft the malicious username, and gain entry. This bypass opens the door to further internal reconnaissance, data exfiltration, or lateral movement, making it a prime initial access vector.
What This Means For You
- If your organization uses GnuTLS with RSA-PSK authentication, you are directly exposed to CVE-2026-42010. You must identify all instances running this configuration immediately. Prioritize patching GnuTLS installations to address this NUL byte authentication bypass and audit logs for any suspicious authentication attempts using malformed usernames.
Related ATT&CK Techniques
🛡️ Detection Rules
3 rules · 6 SIEM formats3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2026-42010: GnuTLS RSA-PSK Null Byte Authentication Bypass Attempt
title: CVE-2026-42010: GnuTLS RSA-PSK Null Byte Authentication Bypass Attempt
id: scw-2026-05-07-ai-1
status: experimental
level: critical
description: |
Detects attempts to exploit CVE-2026-42010 by sending a username containing a null byte ('\x00') to bypass RSA-PSK authentication in GnuTLS. This specific character sequence is indicative of an exploit attempt targeting this vulnerability.
author: SCW Feed Engine (AI-generated)
date: 2026-05-07
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2026-42010/
tags:
- attack.initial_access
- attack.t1190
logsource:
category: authentication
detection:
selection:
User|contains:
- '\x00'
condition: selection
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-42010 | Auth Bypass | gnutls servers configured with RSA-PSK |
| CVE-2026-42010 | Auth Bypass | username containing a NUL character |
| CVE-2026-42010 | Auth Bypass | specially crafted username |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 07, 2026 at 15:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related coverage
DivvyDrive XSS Vulnerability (CVE-2026-6002) Poses High Risk
CVE-2026-6002 — Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross-Site Scripting (XSS)....
DivvyDrive Critical CSRF Vulnerability: CVE-2026-5791 Poses Remote Attack Risk
CVE-2026-5791 — Cross-Site request forgery (CSRF) vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross Site Request Forgery. This issue affects DivvyDrive: from 4.8.2.9 before...
DivvyDrive Stored XSS Vulnerability (CVE-2026-5784) Poses High Risk
CVE-2026-5784 — Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Stored XSS. This issue affects...