CVE-2026-10028
glib-networking GnuTLS Certificate Verification DoS

Publication date: 2026-05-28

Last updated on: 2026-05-28

Assigner: Red Hat, Inc.

Description
A flaw was found in glib-networking. A remote attacker can exploit this vulnerability by presenting a specially crafted certificate chain to an application that uses glib-networking with the GnuTLS backend enabled and performs certificate verification. This crafted chain, which contains circular issuer relationships, can cause an infinite loop during certificate verification. The unbounded traversal consumes excessive CPU resources, leading to a denial of service for the affected process or worker.
Meta Information
Published: 2026-05-28
Last Modified: 2026-05-28
Generated: 2026-06-19
AI Q&A: 2026-05-29
EPSS Evaluated: 2026-06-18
Affected Vendors & Products
1 associated CPE
Vendor: glib
Product: glib-networking
Version / Range: *
CWE
CWE-835: The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
AI Quick Actions
Compliance Impact

This vulnerability causes a denial of service by exhausting CPU resources during certificate verification, potentially disrupting the availability of affected applications.

While the vulnerability impacts service availability, there is no information provided about direct effects on data confidentiality or integrity.

Therefore, based on the available information, it is unclear how this vulnerability specifically affects compliance with standards like GDPR or HIPAA, which focus on data protection and privacy.

Executive Summary

This vulnerability exists in glib-networking when used with the GnuTLS backend for certificate verification. A remote attacker can exploit it by presenting a specially crafted certificate chain that contains circular issuer relationships. This causes the certificate verification process to enter an infinite loop.

The infinite loop leads to unbounded traversal during verification, which consumes excessive CPU resources.

As a result, the affected process or worker experiences a denial of service.

Impact Analysis

The primary impact of this vulnerability is a denial of service condition.

Because the certificate verification process can enter an infinite loop consuming excessive CPU resources, the affected application or service may become unresponsive or crash.

This can disrupt normal operations and availability of services relying on glib-networking with GnuTLS backend.

Detection Guidance

This vulnerability can be detected by monitoring for unusually high CPU usage or hangs in applications using glib-networking with the GnuTLS backend during TLS certificate verification.

Since the issue arises from a specially crafted certificate chain with circular issuer relationships, detection involves observing TLS handshake failures or delays when connecting to suspicious or untrusted TLS servers.

No specific commands are provided in the available resources, but general approaches include using network monitoring tools to capture TLS handshakes and analyzing certificate chains for circular references.

Mitigation Strategies

Immediate mitigation steps include avoiding client certificate verification from untrusted sources to prevent processing malicious certificate chains.

Another recommended step is to use an alternative TLS backend instead of the GnuTLS backend in glib-networking, where possible.

Additionally, enforcing handshake timeouts can help limit the impact of the infinite loop caused by circular certificate chains.
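The detection guidance above talks about analyzing certificate chains for circular references, and the mitigation section about bounding the work a verifier does. The following Python is an added illustration of that idea and is not code from glib-networking or GnuTLS: it models certificates as plain subject/issuer name pairs (constructed sample data, no signatures checked), walks the issuer links from the leaf, and terminates on a self-signed root, a missing issuer, a repeated subject (the circular case) or an assumed depth bound, so the walk can never spin forever.

```python
"""Bounded issuer-chain walk with cycle detection.

Illustrative example only; not glib-networking or GnuTLS code. Certificates
are reduced to (subject, issuer) name pairs and no signatures are verified.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Assumed bound on chain length; real verifiers enforce a similar limit.
MAX_CHAIN_DEPTH = 10


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str


def build_pool(certs: List[Cert]) -> Dict[str, Cert]:
    """Index the presented chain by subject name, as a verifier would."""
    return {c.subject: c for c in certs}


def walk_issuers(leaf: Cert, pool: Dict[str, Cert],
                 max_depth: int = MAX_CHAIN_DEPTH) -> Tuple[str, List[str]]:
    """Follow issuer links from the leaf through the pool.

    Returns (status, path_of_subjects) where status is one of
    "root", "circular", "missing-issuer" or "too-deep". Every branch
    either returns or moves to an unseen certificate, so the loop is
    guaranteed to end within max_depth steps.
    """
    path = [leaf.subject]
    seen = {leaf.subject}
    current = leaf
    while True:
        if current.issuer == current.subject:
            return "root", path          # self-signed: chain terminates
        if len(path) >= max_depth:
            return "too-deep", path      # belt-and-braces bound
        nxt = pool.get(current.issuer)
        if nxt is None:
            return "missing-issuer", path
        path.append(nxt.subject)
        if nxt.subject in seen:
            return "circular", path      # issuer already on the path
        seen.add(nxt.subject)
        current = nxt


def classify_chain(certs: List[Cert]) -> Tuple[str, List[str]]:
    """Walk a presented chain whose first element is the leaf."""
    return walk_issuers(certs[0], build_pool(certs))


# Constructed sample chains (names are invented for this example).
GOOD_CHAIN = [
    Cert("www.example.test", "Example Intermediate CA"),
    Cert("Example Intermediate CA", "Example Root CA"),
    Cert("Example Root CA", "Example Root CA"),
]
CIRCULAR_CHAIN = [
    Cert("www.example.test", "CA Alpha"),
    Cert("CA Alpha", "CA Beta"),
    Cert("CA Beta", "CA Alpha"),
]
ORPHAN_CHAIN = [Cert("www.example.test", "CA Gamma")]


def long_chain(n: int) -> List[Cert]:
    """Constructed straight chain c0 -> c1 -> ... -> cn, with cn self-signed."""
    certs = [Cert(f"c{i}", f"c{i + 1}") for i in range(n)]
    certs.append(Cert(f"c{n}", f"c{n}"))
    return certs


if __name__ == "__main__":
    for name, chain in (("good", GOOD_CHAIN), ("circular", CIRCULAR_CHAIN),
                        ("orphan", ORPHAN_CHAIN), ("long", long_chain(20))):
        status, path = classify_chain(chain)
        print(f"{name}: {status} via {' -> '.join(path)}")
```

The `seen` set is what makes the circular chain terminate; the depth bound covers chains that are merely long rather than circular, and a per-handshake timeout at the application level, as the mitigation text suggests, is the outer safety net if the library in use has neither check.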
