{"id":"USN-8284-1","summary":"gnutls28 vulnerabilities","details":"Joshua Rogers discovered that GnuTLS did not properly handle malformed\nDTLS handshake fragments in certain cases. A remote attacker could\npossibly use this issue to obtain sensitive information, or cause a\ndenial of service. (CVE-2026-33845)\n\nHaruto Kimura, Oscar Reparaz, and Zou Dikai discovered that GnuTLS did\nnot properly validate DTLS handshake fragment lengths in certain cases. A\nremote attacker could possibly use this issue to cause GnuTLS to crash,\nresulting in a denial of service, or execute arbitrary code.\n(CVE-2026-33846)\n\nOleh Konko and Joshua Rogers discovered that GnuTLS did not properly\nvalidate OCSP responses in certain cases. A remote attacker could\npossibly use this issue to bypass certificate revocation checks, leading\nto a machine-in-the-middle attack. (CVE-2026-3832)\n\nOleh Konko and Joshua Rogers discovered that GnuTLS did not properly\nhandle case-insensitive name constraints in certain cases. A remote\nattacker could possibly use this issue to bypass certificate validation,\nleading to a machine-in-the-middle attack. (CVE-2026-3833)\n\nJoshua Rogers discovered that GnuTLS did not properly order DTLS packets\nwith duplicate sequence numbers in certain cases. A remote attacker could\npossibly use this issue to cause GnuTLS to crash, resulting in a denial\nof service. (CVE-2026-42009)\n\nJoshua Rogers discovered that GnuTLS did not properly handle usernames\ncontaining NUL characters in certain RSA-PSK configurations. A remote\nattacker could possibly use this issue to bypass authentication and gain\nunintended access to services. (CVE-2026-42010)\n\nHaruto Kimura discovered that GnuTLS did not properly apply permitted\nname constraints in certain certificate validation paths. A remote\nattacker could possibly use this issue to bypass certificate validation,\nleading to a machine-in-the-middle attack. (CVE-2026-42011)\n\nOleh Konko discovered that GnuTLS incorrectly fell back to Common Name\nchecks for certain URI and SRV subject alternative names. A remote\nattacker could possibly use this issue to bypass certificate validation,\nleading to a machine-in-the-middle attack. (CVE-2026-42012)\n\nHaruto Kimura and Joshua Rogers discovered that GnuTLS incorrectly fell\nback to Common Name checks when subject alternative names were oversized.\nA remote attacker could possibly use this issue to bypass certificate\nvalidation, leading to a machine-in-the-middle attack. (CVE-2026-42013)\n\nLuigino Camastra and Joshua Rogers discovered that GnuTLS had a\nuse-after-free issue when changing PKCS#11 token security officer PINs in\ncertain cases. An attacker could possibly use this issue to cause GnuTLS\nto crash, resulting in a denial of service, or execute arbitrary code.\n(CVE-2026-42014)\n\nZou Dikai discovered that GnuTLS did not properly validate PKCS#12 bag\nsizes in certain cases. An attacker could possibly use this issue to\ncause GnuTLS to crash, resulting in a denial of service, or execute\narbitrary code. (CVE-2026-42015)\n\nJoshua Rogers discovered that GnuTLS did not properly handle very short\npremaster secrets in certain RSA key exchange cases with PKCS#11-backed\nserver keys. A remote attacker could possibly use this issue to obtain\nsensitive information. (CVE-2026-5260)\n\nDoria Tang discovered that GnuTLS did not perform PKCS#7 padding checks\nin constant time in certain cases. A remote attacker could possibly use\nthis issue to obtain sensitive information. This issue only affected\nUbuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-5419)","modified":"2026-06-02T14:00:10.421757288Z","published":"2026-05-20T12:57:03Z","related":["UBUNTU-CVE-2026-33845","UBUNTU-CVE-2026-33846","UBUNTU-CVE-2026-3832","UBUNTU-CVE-2026-3833","UBUNTU-CVE-2026-42009","UBUNTU-CVE-2026-42010","UBUNTU-CVE-2026-42011","UBUNTU-CVE-2026-42012","UBUNTU-CVE-2026-42013","UBUNTU-CVE-2026-42014","UBUNTU-CVE-2026-42015","UBUNTU-CVE-2026-5260","UBUNTU-CVE-2026-5419"],"upstream":["UBUNTU-CVE-2026-3832","UBUNTU-CVE-2026-3833","UBUNTU-CVE-2026-5260","UBUNTU-CVE-2026-5419","UBUNTU-CVE-2026-33845","UBUNTU-CVE-2026-33846","UBUNTU-CVE-2026-42009","UBUNTU-CVE-2026-42010","UBUNTU-CVE-2026-42011","UBUNTU-CVE-2026-42012","UBUNTU-CVE-2026-42013","UBUNTU-CVE-2026-42014","UBUNTU-CVE-2026-42015"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8284-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-3832"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-3833"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-5260"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-5419"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-33845"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-33846"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-42009"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-42010"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-42011"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-42012"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-42013"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-42014"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-42015"}],"affected":[{"package":{"name":"gnutls28","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/gnutls28?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.7.3-4ubuntu1.9"}]}],"versions":["3.7.1-5ubuntu1","3.7.2-2ubuntu1","3.7.2-4ubuntu1","3.7.2-5ubuntu1","3.7.3-4ubuntu1","3.7.3-4ubuntu1.1","3.7.3-4ubuntu1.2","3.7.3-4ubuntu1.3","3.7.3-4ubuntu1.4","3.7.3-4ubuntu1.5","3.7.3-4ubuntu1.6","3.7.3-4ubuntu1.7","3.7.3-4ubuntu1.8"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"gnutls-bin","binary_version":"3.7.3-4ubuntu1.9"},{"binary_name":"guile-gnutls","binary_version":"3.7.3-4ubuntu1.9"},{"binary_name":"libgnutls-dane0","binary_version":"3.7.3-4ubuntu1.9"},{"binary_name":"libgnutls-openssl27","binary_version":"3.7.3-4ubuntu1.9"},{"binary_name":"libgnutls30","binary_version":"3.7.3-4ubuntu1.9"},{"binary_name":"libgnutlsxx28","binary_version":"3.7.3-4ubuntu1.9"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8284-1.json","cves_map":{"ecosystem":"Ubuntu:22.04:LTS","cves":[{"id":"CVE-2026-3832","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-3833","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-5260","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-33845","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-33846","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-42009","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-42010","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-42011","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-42012","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-42013","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-42014","severity":[{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-42015","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]}}},{"package":{"name":"gnutls28","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/gnutls28?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.8.3-1.1ubuntu3.6"}]}],"versions":["3.8.1-4ubuntu1","3.8.1-4ubuntu6","3.8.1-4ubuntu7","3.8.3-1ubuntu1","3.8.3-1.1ubuntu2","3.8.3-1.1ubuntu3","3.8.3-1.1ubuntu3.1","3.8.3-1.1ubuntu3.2","3.8.3-1.1ubuntu3.3","3.8.3-1.1ubuntu3.4","3.8.3-1.1ubuntu3.5"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"gnutls-bin","binary_version":"3.8.3-1.1ubuntu3.6"},{"binary_name":"libgnutls-dane0t64","binary_version":"3.8.3-1.1ubuntu3.6"},{"binary_name":"libgnutls-openssl27t64","binary_version":"3.8.3-1.1ubuntu3.6"},{"binary_name":"libgnutls30t64","binary_version":"3.8.3-1.1ubuntu3.6"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8284-1.json","cves_map":{"cves":[{"id":"CVE-2026-3832","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-3833","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-5260","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-5419","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-33845","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-33846","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-42009","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-42010","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-42011","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-42012","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-42013","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-42014","severity":[{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-42015","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:24.04:LTS"}}},{"package":{"name":"gnutls28","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/gnutls28?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.8.9-3ubuntu2.2"}]}],"versions":["3.8.9-2ubuntu3","3.8.9-3ubuntu1","3.8.9-3ubuntu2","3.8.9-3ubuntu2.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"gnutls-bin","binary_version":"3.8.9-3ubuntu2.2"},{"binary_name":"libgnutls-dane0t64","binary_version":"3.8.9-3ubuntu2.2"},{"binary_name":"libgnutls-openssl27t64","binary_version":"3.8.9-3ubuntu2.2"},{"binary_name":"libgnutls30t64","binary_version":"3.8.9-3ubuntu2.2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8284-1.json","cves_map":{"cves":[{"id":"CVE-2026-3832","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-3833","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-5260","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-5419","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-33845","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-33846","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-42009","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-42010","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-42011","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-42012","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-42013","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-42014","severity":[{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-42015","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:25.10"}}},{"package":{"name":"gnutls28","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/gnutls28?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.8.12-2ubuntu1.1"}]}],"versions":["3.8.9-3ubuntu2","3.8.10-3ubuntu1","3.8.12-2ubuntu1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"gnutls-bin","binary_version":"3.8.12-2ubuntu1.1"},{"binary_name":"libgnutls-dane0t64","binary_version":"3.8.12-2ubuntu1.1"},{"binary_name":"libgnutls-openssl27t64","binary_version":"3.8.12-2ubuntu1.1"},{"binary_name":"libgnutls30t64","binary_version":"3.8.12-2ubuntu1.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8284-1.json","cves_map":{"cves":[{"id":"CVE-2026-3832","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-3833","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-5260","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-5419","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-33845","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-33846","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-42009","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-42010","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-42011","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-42012","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-42013","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-42014","severity":[{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-42015","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:26.04:LTS"}}}],"schema_version":"1.7.5"}