CVE-2026-10028
Publication date 29 May 2026
Last updated 2 June 2026
Ubuntu priority
Description
A flaw was found in glib-networking. A remote attacker can exploit this vulnerability by presenting a specially crafted certificate chain to an application that uses glib-networking with the GnuTLS backend enabled and performs certificate verification. This crafted chain, which contains circular issuer relationships, can cause an infinite loop during certificate verification. The unbounded traversal consumes excessive CPU resources, leading to a denial of service for the affected process or worker.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| glib-networking | 26.04 LTS resolute |
Vulnerable, fix deferred
|
| 25.10 questing |
Vulnerable, fix deferred
|
|
| 24.04 LTS noble |
Vulnerable, fix deferred
|
|
| 22.04 LTS jammy |
Vulnerable, fix deferred
|
|
| 20.04 LTS focal |
Vulnerable, fix deferred
|
|
| 18.04 LTS bionic |
Vulnerable, fix deferred
|
|
| 16.04 LTS xenial |
Vulnerable, fix deferred
|
Notes
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
4.3 · Medium
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | Low |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |