Gnutls: gnutls: certificate validation bypass due to improper handling of...

7.1 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N

Description

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject Alternative Names (SANs). This could cause the certificate validation process to incorrectly fall back to checking DNS hostnames against the Common Name (CN), potentially allowing the attacker to spoof legitimate services or intercept sensitive information.

Basic Information

ID CVE-2026-42012

Source redhat

Published May 26, 2026 at 21:29

Affected Product

Vendor Red Hat

Product Red Hat Enterprise Linux 10

CWE Classification

CWE-295

References

{
    "lastseen": "",
    "description": "A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject Alternative Names (SANs). This could cause the certificate validation process to incorrectly fall back to checking DNS hostnames against the Common Name (CN), potentially allowing the attacker to spoof legitimate services or intercept sensitive information.",
    "published": "2026-05-26T21:29:26.859Z",
    "modified": "2026-05-26T21:29:26.859Z",
    "type": "cve",
    "title": "Gnutls: gnutls: certificate validation bypass due to improper handling of uri and srv sans",
    "source": "redhat",
    "references": "https://access.redhat.com/security/cve/CVE-2026-42012\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2467441",
    "id": "CVE-2026-42012",
    "bulletinFamily": "",
    "cwe": [
        "CWE-295"
    ],
    "cvelist": null,
    "sourceData": "",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Red Hat Enterprise Linux 10",
    "version": "",
    "vendor": "Red Hat",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Gnutls: gnutls: certificate validation bypass due to improper handling of uri and srv sans_CVE-2026-42012