CVE-2026-10028

EUVD-2026-33166

28.05.2026, 23:16

A flaw was found in glib-networking. A remote attacker can exploit this vulnerability by presenting a specially crafted certificate chain to an application that uses glib-networking with the GnuTLS backend enabled and performs certificate verification. This crafted chain, which contains circular issuer relationships, can cause an infinite loop during certificate verification. The unbounded traversal consumes excessive CPU resources, leading to a denial of service for the affected process or worker.

Infinite Loop

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 19%

Debian Releases

Debian Product

Codename

glib-networking

bookworm	postponed
bullseye	vulnerable
forky	vulnerable
sid	vulnerable
trixie	postponed

Common Weakness Enumeration

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References

https://access.redhat.com/security/cve/CVE-2026-10028

https://bugzilla.redhat.com/show_bug.cgi?id=2465152

https://gitlab.gnome.org/GNOME/glib-networking/-/work_items/231