CVE-2026-42014 is a use-after-free vulnerability in GnuTLS, a widely used cryptographic library, specifically in the function responsible for setting PKCS#11 token PINs. Use-after-free flaws occur when a programme continues to use memory after it has been freed, potentially allowing attackers to execute arbitrary code or cause a crash. This matters because GnuTLS underpins TLS/SSL operations in many Linux-based workloads, including those running on Azure.

Security Architect’s Take: Identify any Azure Linux VMs, containers, or services that use GnuTLS with PKCS#11 hardware security module (HSM) or token-based authentication, and prioritise patching the GnuTLS library to the remediated version. If patching cannot be applied immediately, consider restricting access to PKCS#11 token management interfaces as a compensating control.

Original advisory: CVE-2026-42014 Gnutls: fix use-after-free in gnutls_pkcs11_token_set_pin