CVE-2026-42010

Daily digests

GnuTLS mishandles a NUL character in usernames during authentication, allowing an attacker to bypass authentication entirely. If your services rely on GnuTLS for TLS client certificate or SRP authentication, someone could slip past identity checks with a crafted username. CVSS 7.1, not yet exploited in the wild.

• Daily Digest · May 15, 2026

  Cisco SD-WAN auth bypass, CVSS 10.0