High severity7.5NVD Advisory· Published May 18, 2026· Updated Jun 8, 2026
CVE-2026-42009
CVE-2026-42009
Description
A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
10- osv-coords8 versionspkg:rpm/almalinux/gnutlspkg:rpm/almalinux/gnutls-c%2B%2Bpkg:rpm/almalinux/gnutls-danepkg:rpm/almalinux/gnutls-develpkg:rpm/almalinux/gnutls-utilspkg:rpm/opensuse/gnutls&distro=openSUSE%20Tumbleweedpkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5
< 3.6.16-8.el8_10.6+ 7 more
- (no CPE)range: < 3.6.16-8.el8_10.6
- (no CPE)range: < 3.6.16-8.el8_10.6
- (no CPE)range: < 3.6.16-8.el8_10.6
- (no CPE)range: < 3.6.16-8.el8_10.6
- (no CPE)range: < 3.6.16-8.el8_10.6
- (no CPE)range: < 3.8.13-1.1
- (no CPE)range: < 3.4.17-8.23.1
- (no CPE)range: < 3.4.17-8.23.1
Patches
Vulnerability mechanics
References
6- access.redhat.com/errata/RHSA-2026:13274nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2026:20611nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2026:20612nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2026:20613nvdThird Party Advisory
- access.redhat.com/security/cve/CVE-2026-42009nvdThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
News mentions
1- ⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and MoreThe Hacker News · May 18, 2026