What is CVE-2026-5419?

CVE-2026-5419 is a low-severity vulnerability in Red Hat Enterprise Linux 10, classified under CWE-208. CVSS score: 3.7/10. Published 2026-06-01.

How severe is CVE-2026-5419?

Low severity. CVSS v3 base score is 3.7 out of 10.

Vulnerability in Red Hat Enterprise Linux 10

CVE-2026-5419

A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through obse…

EPSS: 0.000 (12.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.7 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Red Hat Enterprise Linux 10 — versions 0:3.8.10-4.el10_2
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 9 — versions 0:3.8.10-4.el9_8
Red Hat Hardened Images
Red Hat Openshift Container Platform 4

Weakness classification (CWE)

CWE-208

References

secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_REDHAT, vdb-entry)
secalert@redhat.com (x_refsource_REDHAT, issue-tracking)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)

Frequently asked questions

What is CVE-2026-5419?: CVE-2026-5419 is a low-severity vulnerability in Red Hat Enterprise Linux 10, classified under CWE-208. CVSS score: 3.7/10. Published 2026-06-01.
How severe is CVE-2026-5419?: Low severity. CVSS v3 base score is 3.7 out of 10.