Ghostwire

CVE-2026-5260: A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key...

HIGH CVSS 8.2 Exploit Available

Published: May 26, 2026 | Last Modified: May 27, 2026

Description

A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure.

Ghostwire Analysis — What This Means Practically

High CVSS score indicates significant risk — exploitation could lead to substantial data exposure or system compromise.
Exploit code is reported to be available, increasing the likelihood of active exploitation.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (1 articles)

References

access.redhat.com/errata/RHSA-2026:20611
access.redhat.com/security/cve/CVE-2026-5260
bugzilla.redhat.com/show_bug.cgi?id=2467450
www.tenable.com/cve/CVE-2026-5260
www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2026-5260