CVE-2026-3832

Description

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, potentially leading to a compromise of trust.

CVSS v3.1 Score

3.7

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS — Exploit Prediction

0.0002

Probability of exploitation

0.04%

Percentile rank

EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.

Weakness Type (CWE)

CWE-179 CWE-179

Affected Products

Vendor	Product	Versions
gnu	gnutls	All
redhat	hardened_images	All
redhat	openshift_container_platform	All
redhat	enterprise_linux	All
redhat	enterprise_linux	All
redhat	enterprise_linux	All
redhat	enterprise_linux	All
redhat	enterprise_linux	All

References

Advisories & Patches

https://gitlab.com/gnutls/gnutls/-/issues/1801 https://gitlab.com/gnutls/gnutls/-/issues/1801

Exploits

https://gitlab.com/gnutls/gnutls/-/issues/1801 https://gitlab.com/gnutls/gnutls/-/issues/1801

Other References

https://access.redhat.com/errata/RHSA-2026:13274 https://access.redhat.com/security/cve/CVE-2026-3832 https://bugzilla.redhat.com/show_bug.cgi?id=2445762

Frequently Asked Questions

What is CVE-2026-3832? +

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, potentially leading to a compromise of trust. It has a CVSS v3.1 base score of 3.7 (LOW).

How severe is CVE-2026-3832? +

CVE-2026-3832 has a CVSS v3.1 score of 3.7 out of 10, rated LOW. This is a low-severity vulnerability with limited impact. The EPSS score is 0.0002, placing it in the 0th percentile for exploitation probability.

What products are affected by CVE-2026-3832? +

CVE-2026-3832 affects products from gnu, redhat, specifically: enterprise_linux, gnutls, hardened_images, openshift_container_platform. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2026-3832? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-4759 8.3

Versions of the package lockfile-lint-api before 5.9.2 are vulnerable to Incorrect Behavior Order: Early Validation via the resolved attribute of …

CVE-2024-41686 3.3

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to improper implementation of password policies. A local attacker could exploit this …

CVE-2026-5450 9.8

Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to …

CVE-2024-39331 9.8

In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such …

CVE-2024-38428 9.1

url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be …

CVE-2024-27632 8.8

An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the form_id in the …