CVE-2026-42014

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

6.6 / 10

Vector String

                                        CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H                                    

Vulnerability Description

A flaw was found in GnuTLS. The `gnutls_pkcs11_token_set_pin` function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path.

Vulnerability Details

Published Date

June 16, 2026

Last Modified

June 16, 2026

CWE ID

CWE-825

Source

NVD

Vendor

Red Hat

Product

Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Hardened Images, Red Hat OpenShift Container Platform 4

External References

https://access.redhat.com/errata/RHSA-2026:20611
https://access.redhat.com/errata/RHSA-2026:20612
https://access.redhat.com/errata/RHSA-2026:20613
https://access.redhat.com/security/cve/CVE-2026-42014
https://bugzilla.redhat.com/show_bug.cgi?id=2467451
https://gitlab.com/gnutls/gnutls/-/issues/1766
https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-9

CVE-2026-42014

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment