CVE-2026-10028 MEDIUM

CVE-2026-10028: Glib-networking: infinite loop in glib-networking gnutls backend allows remote denial of service via circular certificate chain

Vendor Red Hat
Product Red Hat Enterprise Linux 10
Weakness CWE-835
Published May 28, 2026
Last update May 29, 2026
View on NVD All CVEs

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

A flaw was found in glib-networking. A remote attacker can exploit this vulnerability by presenting a specially crafted certificate chain to an application that uses glib-networking with the GnuTLS backend enabled and performs certificate verification. This crafted chain, which contains circular issuer relationships, can cause an infinite loop during certificate verification. The unbounded traversal consumes excessive CPU resources, leading to a denial of service for the affected process or worker.

Key dates

02Disclosure timeline

May 28, 2026 CVE published
May 29, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-11626 Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark CVE-2024-32976 Envoy can enter an endless loop while decompressing Brotli data with extra input CVE-2026-6522 Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark CVE-2026-20054 Cisco Secure Firewall Threat Defense Software Snort 3 Visual Basic for Application Infinite Loop Denial of Service Vulnerability CVE-2021-29510 Use of "infinity" as an input to datetime and date fields causes infinite loop in pydantic