CVE-2026-42012 PUBLISHED

Gnutls: gnutls: certificate validation bypass due to improper handling of uri and srv sans

Assigner: redhat
Reserved: 23.04.2026 Published: 26.05.2026 Updated: 27.05.2026

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject Alternative Names (SANs). This could cause the certificate validation process to incorrectly fall back to checking DNS hostnames against the Common Name (CN), potentially allowing the attacker to spoof legitimate services or intercept sensitive information.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
CVSS Score: 7.1

Product Status

Vendor Red Hat
Product Red Hat Enterprise Linux 8
Versions Default: affected
  • unaffected from 0:3.6.16-8.el8_10.6 to * (excl.)
Vendor Red Hat
Product Red Hat Enterprise Linux 8
Versions Default: affected
  • unaffected from 0:3.6.16-8.el8_10.6 to * (excl.)
Vendor Red Hat
Product Red Hat Enterprise Linux 10
Versions Default: affected
Vendor Red Hat
Product Red Hat Enterprise Linux 6
Versions Default: affected
Vendor Red Hat
Product Red Hat Enterprise Linux 7
Versions Default: affected
Vendor Red Hat
Product Red Hat Enterprise Linux 9
Versions Default: affected
Vendor Red Hat
Product Red Hat Hardened Images
Versions Default: affected
Vendor Red Hat
Product Red Hat OpenShift Container Platform 4
Versions Default: affected

Credits

  • Red Hat would like to thank Oleh Konko (1Seal) for reporting this issue.

References

Problem Types

  • Improper Certificate Validation CWE