CVE & CISA-KEV Catalog

CVE-2026-3832

LOW
3.7
CVSS v3
NVD

Description

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, potentially leading to a compromise of trust.

How to fix

Remediation Available
gnutls28Debian
Fixed in:3.8.9-3+deb13u4CVE-2026-3832
Fixed in:3.8.13-1CVE-2026-3832
gnutlsRocky
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:main@aarch64RHSA-2026:13274
Fixed in:main@srcRHSA-2026:13274
Fixed in:main@x86_64RHSA-2026:13274
Fixed in:main@noarchRHSA-2026:13274
gnutlsRed Hat / RHEL
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:main@x86_64RHSA-2026:13274
Fixed in:main@noarchRHSA-2026:13274
Fixed in:main@aarch64RHSA-2026:13274
Fixed in:main@srcRHSA-2026:13274
gnutls-c++Red Hat / RHEL
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
gnutls-c++Rocky
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
gnutls-c++-debuginfoRocky
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
gnutls-c++-debuginfoRed Hat / RHEL
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
gnutls-daneRocky
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
gnutls-daneRed Hat / RHEL
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
gnutls-dane-debuginfoRocky
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
gnutls-dane-debuginfoRed Hat / RHEL
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
gnutls-debuginfoRocky
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
gnutls-debuginfoRed Hat / RHEL
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
gnutls-debugsourceRed Hat / RHEL
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
gnutls-debugsourceRocky
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
gnutls-develRed Hat / RHEL
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
gnutls-develRocky
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
gnutls-fipsRocky
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
gnutls-fipsRed Hat / RHEL
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
gnutls-utilsRed Hat / RHEL
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
gnutls-utilsRocky
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
gnutls-utils-debuginfoRocky
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
gnutls-utils-debuginfoRed Hat / RHEL
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.9-9.el10_0.19RHSA-2026:26409
Fixed in:0:3.8.10-4.el10_2RHSA-2026:20613
registry.redhat.io/discovery/discoveryRed Hat / RHEL
Fixed in:ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64RHSA-2026:29197
Fixed in:server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64RHSA-2026:29197
Fixed in:ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64RHSA-2026:29197
Fixed in:server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64RHSA-2026:29197
registry.redhat.io/discovery/discoveryRocky
Fixed in:ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64RHSA-2026:29197
Fixed in:server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64RHSA-2026:29197
Fixed in:ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64RHSA-2026:29197
Fixed in:server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64RHSA-2026:29197
registry.redhat.io/rhui5/cdsRed Hat / RHEL
Fixed in:rhel9@sha256:5c18f8336186fb1c9dbc1e710e91420ca3f5eca92b081cace3325585789f4825_amd64RHSA-2026:26319
Fixed in:kubernetes-rhel9@sha256:2958104c085c46561c9453784a06a36ab12a27e21ba1e732b4b30a092bb58805_amd64RHSA-2026:26319
registry.redhat.io/rhui5/cdsRocky
Fixed in:rhel9@sha256:5c18f8336186fb1c9dbc1e710e91420ca3f5eca92b081cace3325585789f4825_amd64RHSA-2026:26319
Fixed in:kubernetes-rhel9@sha256:2958104c085c46561c9453784a06a36ab12a27e21ba1e732b4b30a092bb58805_amd64RHSA-2026:26319
registry.redhat.io/rhui5/haproxyRocky
Fixed in:rhel9@sha256:66ccfb245bd6461e49aa0c84742710b557b9924baaef38e02904c6fd2f8db0c5_amd64RHSA-2026:26319
registry.redhat.io/rhui5/haproxyRed Hat / RHEL
Fixed in:rhel9@sha256:66ccfb245bd6461e49aa0c84742710b557b9924baaef38e02904c6fd2f8db0c5_amd64RHSA-2026:26319
registry.redhat.io/rhui5/installerRed Hat / RHEL
Fixed in:rhel9@sha256:4b793b24511377dd18beae2f85792e8b2af0c615837155137a62f65e171ca0d7_amd64RHSA-2026:26319
registry.redhat.io/rhui5/installerRocky
Fixed in:rhel9@sha256:4b793b24511377dd18beae2f85792e8b2af0c615837155137a62f65e171ca0d7_amd64RHSA-2026:26319
registry.redhat.io/rhui5/rhuaRocky
Fixed in:rhel9@sha256:a79dde325d7229002a36a0a8ad75ae8c25e96004a9e5f0b90c51fc335460dccf_amd64RHSA-2026:26319
registry.redhat.io/rhui5/rhuaRed Hat / RHEL
Fixed in:rhel9@sha256:a79dde325d7229002a36a0a8ad75ae8c25e96004a9e5f0b90c51fc335460dccf_amd64RHSA-2026:26319
gnutls28Ubuntu
Fixed in:3.7.3-4ubuntu1.9USN-8284-1
Fixed in:3.8.3-1.1ubuntu3.6USN-8284-1
Fixed in:3.8.9-3ubuntu2.2USN-8284-1
libgnutls30Ubuntu
Fixed in:3.7.3-4ubuntu1.9USN-8284-1
libgnutls30t64Ubuntu
Fixed in:3.8.3-1.1ubuntu3.6USN-8284-1
Fixed in:3.8.9-3ubuntu2.2USN-8284-1

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityHigh
Privileges RequiredNone
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityLow
IntegrityNone
AvailabilityNone

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploit Intelligence

0.72%probability of exploitation in 30 days
49thpercentile

Moderate risk: more likely to be exploited than 49% of all known CVEs.

References

Embed a live status badge for CVE-2026-3832
CVE-2026-3832 severity badge

Markdown

[![CVE-2026-3832](https://tridentstack.com/cve/badge/CVE-2026-3832.svg)](https://tridentstack.com/cve/CVE-2026-3832)

HTML

<a href="https://tridentstack.com/cve/CVE-2026-3832"><img src="https://tridentstack.com/cve/badge/CVE-2026-3832.svg" alt="CVE-2026-3832"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-06-24.