CVE-2026-5419
LowCVSS 3.7Exploitation Probability (EPSS)
Low risk29th percentile — higher than 29% of all known CVEs
Summary
A flaw was found in GnuTLS where the PKCS#7 padding check during decryption was not constant-time. This timing side-channel could allow a remote attacker to leak sensitive information about padding bytes through observable timing differences.
Risk Assessment
An attacker could exploit timing differences to recover sensitive data, posing a risk to the confidentiality of processed information in systems using GnuTLS for decryption with PKCS#7 padding.
Recommendation
Immediately update GnuTLS to a version that fixes the constant-time padding check for PKCS#7. If an update is not possible, consider temporarily disabling decryption with PKCS#7 padding.
Original NVD description (English source)
A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of information disclosure.

