CVE-2026-42013

Gnutls: gnutls: certificate validation bypass due to oversized subject alternative name

CVSS 8.2 HIGHEPSS 0.4%CWE-1284

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8.2EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

26 May 2026Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This could allow a remote attacker to bypass proper certificate validation, potentially leading to spoofing or man-in-the-middle attacks.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

Affected products

Red Hat · Red Hat Discovery 2 Red Hat · Red Hat Enterprise Linux 10 Red Hat · Red Hat Enterprise Linux 10.0 Extended Update Support Red Hat · Red Hat Enterprise Linux 6 Red Hat · Red Hat Enterprise Linux 7 Red Hat · Red Hat Enterprise Linux 8 Red Hat · Red Hat Enterprise Linux 9 Red Hat · Red Hat Hardened Images Red Hat · Red Hat OpenShift Container Platform 4 Red Hat · Red Hat Update Infrastructure 5

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://access.redhat.com/errata/RHSA-2026:20611 https://access.redhat.com/errata/RHSA-2026:20612 https://access.redhat.com/errata/RHSA-2026:20613 https://access.redhat.com/errata/RHSA-2026:26319 https://access.redhat.com/errata/RHSA-2026:26409 https://access.redhat.com/errata/RHSA-2026:29197 https://access.redhat.com/security/cve/CVE-2026-42013 https://bugzilla.redhat.com/show_bug.cgi?id=2467448