cve-2026-3832
About this tag
CVE-2026-3832 is a low-severity vulnerability in GnuTLS disclosed on April 30, 2026, involving a crafted multi-entry OCSP response that can cause clients with OCSP verification enabled to accept a revoked server certificate during a TLS handshake. While the flaw is specific to GnuTLS, it highlights a broader concern for Windows administrators who manage systems that depend on Linux libraries, container images, WSL workloads, appliances, or cross-platform tooling. The tag covers discussions about the technical details of the flaw, its CVSS score, and the implications for trust in TLS certificate revocation mechanisms, particularly in mixed-OS environments.
CVE-2026-3832 is a low-severity GnuTLS revocation-checking flaw disclosed publicly on April 30, 2026, in which a crafted multi-entry OCSP response can cause clients with OCSP verification enabled to accept a revoked server certificate during a TLS handshake. That sounds narrow, and it is. But it...