CVE-2026-3832
LowCVSS 3.7Exploitation Probability (EPSS)
Low risk46th percentile — higher than 46% of all known CVEs
Summary
A flaw was found in gnutls that could be exploited by a remote attacker by presenting a specially crafted OCSP response during a TLS handshake. A logic error in processing multi-record OCSP responses may cause a client with OCSP verification enabled to incorrectly accept a revoked server certificate.
Risk Assessment
The organization may lose trust in server certificates, leading to potential security compromises. Accepting revoked certificates could allow attackers to intercept communications.
Recommendation
It is recommended to update gnutls to the latest version to mitigate this vulnerability. Consider disabling OCSP verification until patches are applied.
Original NVD description (English source)
A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, potentially leading to a compromise of trust.

