VDB

CVE-2026-5419

CVE-2026-5419 PUBLISHED CVSS 3.7 LOW

Reported by redhat · Published June 1, 2026

A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of information disclosure.

Risk Scores

CVSS 3.1
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products

VendorProductVersions
Red HatRed Hat Enterprise Linux 100:3.8.10-4.el10_2
Red HatRed Hat Enterprise Linux 10.0 Extended Update Support0:3.8.9-9.el10_0.19
Red HatRed Hat Enterprise Linux 90:3.8.10-4.el9_8
Red HatRed Hat Enterprise Linux 90:3.8.10-4.el9_8
Red HatRed Hat Enterprise Linux 9.4 Update Services for SAP Solutions0:3.8.3-4.el9_4.6
Red HatRed Hat Enterprise Linux 9.6 Extended Update Support0:3.8.3-6.el9_6.4
Red HatRed Hat Discovery 21782159791
Red HatRed Hat Discovery 21782166952
Red HatRed Hat Hardened Images3.8.13-1.hum1
Red HatRed Hat Update Infrastructure 51781525684
Red HatRed Hat Update Infrastructure 51781525671
Red HatRed Hat Update Infrastructure 51781525693
Red HatRed Hat Update Infrastructure 51781525739
Red HatRed Hat Enterprise Linux 6
Red HatRed Hat Enterprise Linux 7
Red HatRed Hat Enterprise Linux 8
Red HatRed Hat OpenShift Container Platform 4
Red HatRed Hat OpenShift Container Platform 4
Red HatRed Hat Enterprise Linux 9.4 Update Services for SAP Solutions0:3.8.3-4.el9_4.6, 0:3.8.3-4.el9_4.6, 0:3.8.3-4.el9_4.6
Red HatRed Hat Enterprise Linux 100:3.8.10-4.el10_2, 0:3.8.10-4.el10_2, 0:3.8.10-4.el10_2

…and 16 more

Timeline

  • Apr 30, 2026 CVE Published
  • Jun 2, 2026 Distribution Patch
  • Jun 2, 2026 Security Advisory
  • Jun 3, 2026 Coalition ESS Score
  • Jun 3, 2026 Distribution Patch
  • Jun 3, 2026 Security Advisory
  • Jun 3, 2026 Distribution Patch
  • Jun 3, 2026 Security Advisory
  • Jun 5, 2026 EPSS Score
  • Jun 5, 2026 Distribution Patch
  • Jun 17, 2026 Distribution Patch
  • Jun 17, 2026 Security Advisory

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›