CVE-2026-10028— Glib-networking: infinite loop in glib-networking gnutls backend allows remote denial of service via circular certificate chain
Possible ATT&CK Techniques 1AI
T1499 · Endpoint Denial of ServiceAffected Version Matrix 5
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 | any | affected |
| Red Hat | Red Hat Enterprise Linux 6 | any | affected |
| Red Hat | Red Hat Enterprise Linux 7 | any | affected |
| Red Hat | Red Hat Enterprise Linux 8 | any | affected |
| Red Hat | Red Hat Enterprise Linux 9 | any | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-10028
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Glib-networking: infinite loop in glib-networking gnutls backend allows remote denial of service via circular certificate chain
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw was found in glib-networking. A remote attacker can exploit this vulnerability by presenting a specially crafted certificate chain to an application that uses glib-networking with the GnuTLS backend enabled and performs certificate verification. This crafted chain, which contains circular issuer relationships, can cause an infinite loop during certificate verification. The unbounded traversal consumes excessive CPU resources, leading to a denial of service for the affected process or worker.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
不可达退出条件的循环(无限循环)
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 | |
| Red Hat | Red Hat Enterprise Linux 6 | - | cpe:/o:redhat:enterprise_linux:6 | |
| Red Hat | Red Hat Enterprise Linux 7 | - | cpe:/o:redhat:enterprise_linux:7 | |
| Red Hat | Red Hat Enterprise Linux 8 | - | cpe:/o:redhat:enterprise_linux:8 | |
| Red Hat | Red Hat Enterprise Linux 9 | - | cpe:/o:redhat:enterprise_linux:9 |
II. Public POCs for CVE-2026-10028
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-10028
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-10028 (1)
Vendor Advisories for CVE-2026-10028 (1)
Other References for CVE-2026-10028 (1)
Same Patch Batch · Red Hat · 2026-05-28 · 14 CVEs total
| CVE-2026-4408 | 9.0 CRITICAL | Samba: remote code execution in samr |
| CVE-2026-9804 | 7.7 HIGH | Kubevirt: kubevirt: vmexport directory symlink escape enables exporter pod file read |
| CVE-2026-9795 | 7.3 HIGH | Keycloak: keycloak: privilege escalation via improper scope mapping enforcement |
| CVE-2026-44604 | 7.0 HIGH | Rpm: command injection in rpmuncompress dountar() via unescaped archive top-level director |
| CVE-2026-9802 | 6.8 MEDIUM | Keycloak: keycloak: unauthorized account access via replayed refresh tokens after cluster |
| CVE-2026-9792 | 6.5 MEDIUM | Keycloak: keycloak: security restriction bypass allows unauthorized ropc token acquisition |
| CVE-2026-9796 | 6.5 MEDIUM | Keycloak: keycloak: privilege escalation via time-of-check to time-of-use (toctou) vulnera |
| CVE-2026-9793 | 5.9 MEDIUM | Keycloak: keycloak: security policy bypass in jwe-encrypted request object processing |
| CVE-2026-9794 | 5.3 MEDIUM | Keycloak: keycloak: information disclosure via saml ecp endpoint |
| CVE-2026-9803 | 5.3 MEDIUM | Keycloak: keycloak: denial of service via malformed authorization header |
| CVE-2026-9801 | 4.9 MEDIUM | Keycloak: keycloak: denial of service via malformed ldap password policy response |
| CVE-2026-9791 | 4.3 MEDIUM | Keycloak-rhel9: organization data leak after feature disabled in keycloak |
| CVE-2026-9798 | 4.3 MEDIUM | Keycloak: keycloak: brute-force protection bypass in ciba flow |
IV. Related Vulnerabilities
Same product: Red Hat Enterprise Linux 10
- CVE-2026-6324
Libsoup: libsoup: http request smuggling via unsigned to sig - CVE-2026-4408
Samba: remote code execution in samr - CVE-2026-1933
Samba: missing access check on reparse point operations - CVE-2026-2340
Samba: vfs_worm does not block directory modification - CVE-2026-3012
Samba: group policy certificate enrollment uses http:// with
Same vendor: Red Hat
- CVE-2026-10101
Assisted-service: assisted-service: infraenv status leaks re - CVE-2026-46579
Openshift/router: openshift/router: mtls client certificate - CVE-2026-42965
Openshift/router: openshift/router: cloud metadata ssrf via - CVE-2026-10078
Quay/config-tool: quay/config-tool: gitlab oauth client_secr - CVE-2026-10052
Quay/config-tool: quay/config-tool: ssrf via unfiltered ldap
Same weakness: CWE-835
V. Comments for CVE-2026-10028
No comments yet