CVE Catalog

CVE-2026-3832

LowCVSS 3.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.65%

46th percentile — higher than 46% of all known CVEs

Summary

A flaw was found in gnutls that could be exploited by a remote attacker by presenting a specially crafted OCSP response during a TLS handshake. A logic error in processing multi-record OCSP responses may cause a client with OCSP verification enabled to incorrectly accept a revoked server certificate.

Risk Assessment

The organization may lose trust in server certificates, leading to potential security compromises. Accepting revoked certificates could allow attackers to intercept communications.

Recommendation

It is recommended to update gnutls to the latest version to mitigate this vulnerability. Consider disabling OCSP verification until patches are applied.

Original NVD description (English source)

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, potentially leading to a compromise of trust.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS