vulnerability

Oracle Linux: CVE-2026-42009: ELSA-2026-20611: gnutls security update (IMPORTANT)

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

May 18, 2026

Added

Jun 4, 2026

Modified

Jun 4, 2026

Description

A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.

Solutions

oracle-linux-upgrade-gnutlsoracle-linux-upgrade-gnutls-coracle-linux-upgrade-gnutls-daneoracle-linux-upgrade-gnutls-develoracle-linux-upgrade-gnutls-utils

References

CVE-2026-42009
https://attackerkb.com/topics/CVE-2026-42009
ELSA-ELSA-2026-20611
CWE-475
EUVD-EUVD-2026-30769
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-30769

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report