Skip to main content

Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

© 2026 Mondoo, Inc.

Log in Get Assessment

UBUNTU-CVE-2026-5419 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceUBUNTU-CVE-2026-5419

UBUNTU-CVE-2026-5419

MEDIUM5.5

The PKCS#7 padding check performed during decryption was not constant-time, potentially leaking information about the padding bytes through timing differences.

Published Apr 30, 2026

Modified 2 days ago

Fix available

Details

The PKCS#7 padding check performed during decryption was not constant-time, potentially leaking information about the padding bytes through timing differences.

Affected Packages

gnutls28

Ubuntu 24.04 LTS

Fixed in:

3.8.3-1.1ubuntu3.6

gnutls28

Ubuntu 25.10

Fixed in:

3.8.9-3ubuntu2.2

gnutls28

Ubuntu 26.04 LTS

Fixed in:

3.8.12-2ubuntu1.1

gnutls28

Ubuntu Pro FIPS-updates 24.04 LTS

Affected versions:

3.8.3-1.1ubuntu3.1+Fips13.8.3-1.1ubuntu3.4+Fips13.8.3-1.1ubuntu3.4+Fips1.13.8.3-1.1ubuntu3.5+Fips1.1

References

https://ubuntu.com/security/CVE-2026-5419

https://ubuntu.com/security/notices/USN-8284-1

https://www.cve.org/CVERecord?id=CVE-2026-5419

https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-13

Upstream

Related

Ecosystems

Ubuntu 24.04 LTS Ubuntu 25.10 Ubuntu 26.04 LTS Ubuntu Pro FIPS-updates 24.04 LTS

Timeline

PublishedApr 30, 2026

ModifiedMay 20, 2026