A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.
Casky was already ahead
This CVE exploits attack patterns that Casky's 0matched skills already investigate — long before this vulnerability was disclosed. Claude's reasoning model maps these techniques to MITRE ATT&CK, so practitioners who ran these skills have already seen the threat behaviour in their findings.
CVE-2026-42010 reveals a critical flaw in GnuTLS servers using RSA-PSK authentication, where usernames containing NUL characters are incorrectly matched against truncated usernames. This vulnerability creates a direct path to authentication bypass—an attacker can craft a username like "admin\x00garbage" that matches legitimate accounts by exploiting how the server truncates at the NUL byte during comparison. Organizations relying on GnuTLS for RSA-PSK authentication are particularly at risk, as the flaw undermines the fundamental security assumption that each username uniquely identifies a user. The high CVSS score (7.1) reflects the severity of gaining unauthorized access through credential manipulation rather than cryptographic breaking.
While this CVE maps to CWE-626 (Untrusted Search Path) rather than specific MITRE ATT&CK techniques, Casky's AI-driven approach would detect the behavioral patterns of exploitation through its 754 security skills by identifying anomalous authentication sequences. A practitioner monitoring through Casky would observe findings consistent with T1078 (Valid Accounts) abuse—specifically login attempts with malformed usernames containing null bytes, followed by successful authentication to accounts the attacker shouldn't access. Extended reasoning across these skills would correlate the unusual username structure with successful session establishment, flagging the string truncation logic as the attack vector. Though Casky currently has zero direct mappings to this CVE, practitioners would see alerts on suspicious authentication patterns and input validation failures that precede the bypass, enabling detection of exploitation attempts before unauthorized access is fully established.
Composite risk scoring from EPSS, CISA KEV, Shodan, and GreyNoise — 21 security APIs correlated into a single Casky Risk Score. Coming in Casky Pro. Join early access →
Casky has 0 skills that investigate the attack patterns behind CVE-2026-42010. Run one and get CVSS-scored findings in 3 minutes.
Run the skill that detects this →© 2026 Casky.AI, Inc. · AI Security Investigation