← back
CVE-2026-42012

Gnutls: gnutls: certificate validation bypass due to improper handling of uri and srv sans

CVSS 7.1 HIGHEPSS 0.3%CWE-295
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.1EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
26 May 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject Alternative Names (SANs). This could cause the certificate validation process to incorrectly fall back to checking DNS hostnames against the Common Name (CN), potentially allowing the attacker to spoof legitimate services or intercept sensitive information.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
Affected products
Red Hat · Red Hat Discovery 2Red Hat · Red Hat Enterprise Linux 10Red Hat · Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat · Red Hat Enterprise Linux 6Red Hat · Red Hat Enterprise Linux 7Red Hat · Red Hat Enterprise Linux 8Red Hat · Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat · Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRed Hat · Red Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat · Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat · Red Hat Enterprise Linux 9Red Hat · Red Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat · Red Hat Enterprise Linux 9.6 Extended Update SupportRed Hat · Red Hat Hardened ImagesRed Hat · Red Hat OpenShift Container Platform 4Red Hat · Red Hat Update Infrastructure 5

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://access.redhat.com/errata/RHSA-2026:20611https://access.redhat.com/errata/RHSA-2026:20612https://access.redhat.com/errata/RHSA-2026:20613https://access.redhat.com/errata/RHSA-2026:26319https://access.redhat.com/errata/RHSA-2026:26409https://access.redhat.com/errata/RHSA-2026:29197https://access.redhat.com/errata/RHSA-2026:30004https://access.redhat.com/errata/RHSA-2026:30849https://access.redhat.com/errata/RHSA-2026:30850https://access.redhat.com/errata/RHSA-2026:32962https://access.redhat.com/security/cve/CVE-2026-42012https://bugzilla.redhat.com/show_bug.cgi?id=2467441