CVE-2026-3832

low

Red Hat

CVSS v3 Base Score

3.7

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Characteristics

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Confidentiality

Low

Integrity

None

Availability

None

Published: April 30, 2026 (13 days ago)

Last Modified: April 30, 2026

Vendor: Red Hat

Source: REDHAT

Description

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, potentially leading to a compromise of trust.

CWE

CWE-179

Affected Products

Red Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 gitlab.com

CVE-2026-3832

Vulnerability Report

Description

CWE

Affected Products

References